Message-id: <E1JV00J-0002TR-G9@artemis.annvix.ca>
Date: Fri, 29 Feb 2008 00:50:03 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:055
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : February 29, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Chris Evans found a buffer overflow condition in Ghostscript, which can
lead to arbitrary code execution as the user running any application
using it to process a maliciously crafted PostScript file.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHx41LmqjQ0CJFipgRAlhvAKDI73J1CwV3f5hvv3tlUTIkwn4kAwCfZ5ij
gUc1w5OIYN3KI1c8snNYJ5Q=
=+hFr
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/