Message-Id: <E1MKdBy-00065R-05@titan.mandriva.com>
Date: Sat, 27 Jun 2009 21:04:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:144 ] ghostscript


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:144
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ghostscript
 Date    : June 27, 2009
 Affected: 2008.1, 2009.0, 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities have been identified and fixed
 in ghostscript:
 
 Multiple integer overflows in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via a crafted
 image file, related to integer multiplication for memory allocation
 (CVE-2008-3520).
 
 Buffer overflow in the jas_stream_printf function in
 libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
 context-dependent attackers to have an unknown impact via
 vectors related to the mif_hdr_put function and use of vsprintf
 (CVE-2008-3522).
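
 The two bug classes named above, shown with their usual guards. This is
 an added example, not JasPer or ghostscript code and not part of the
 advisory; all function names are hypothetical and the inputs constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* What an unchecked "count * elem_size" passed to malloc() evaluates to:
 * size_t arithmetic silently wraps modulo SIZE_MAX + 1. */
size_t wrapped_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Hypothetical helper: allocate count elements of elem_size bytes,
 * refusing (NULL) when the product cannot be represented in size_t. */
void *checked_alloc2(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

/* Hypothetical helper: printf-style formatting into a fixed buffer.
 * Returns the length written, or -1 if the text did not fit; vsprintf()
 * has no capacity argument and would write past the end instead. */
int bounded_format(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';   /* reject rather than emit a truncated header */
        return -1;
    }
    return n;
}

int main(void)
{
    size_t count = SIZE_MAX / 4 + 2;   /* constructed oversized dimension */
    char hdr[16];
    printf("unchecked size: %zu bytes\n", wrapped_size(count, 4));
    printf("checked alloc:  %p\n", checked_alloc2(count, 4));
    printf("bounded format: %d\n", bounded_format(hdr, sizeof hdr, "%s", "overlong constructed field"));
    return 0;
}
```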
 
 Previously the ghostscript packages were statically built against
 a bundled, private copy of the jasper library. This update makes
 ghostscript link against the shared system jasper library, which
 makes it easier to address any future security issues in the
 jasper library.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:

 Mandriva Linux 2008.1/X86_64:

 Mandriva Linux 2009.0:

 Mandriva Linux 2009.0/X86_64:

 Mandriva Linux 2009.1:

 Mandriva Linux 2009.1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKRkCBmqjQ0CJFipgRAsXPAJ4wSuhitGx5GFak+Y9Vn7+DnlbZJwCfZmL8
VmzBRP7UPNfoHBoOpcgGFW0=
=ZeYa
-----END PGP SIGNATURE-----
