lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OEpxo-0005qU-Qa@titan.mandriva.com>
Date: Wed, 19 May 2010 22:34:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:102 ] ghostscript


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:102
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ghostscript
 Date    : May 19, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ghostscript:
 
 Stack-based buffer overflow in the parser function in GhostScript 8.70
 and 8.64 allows context-dependent attackers to execute arbitrary code
 via a crafted PostScript file (CVE-2010-1869).
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 c1360edcc6bda79fa0f1a0f241f3cec3  2008.0/i586/ghostscript-8.60-55.4mdv2008.0.i586.rpm
 d02a623cf71a49f9cc262f900fed7e3a  2008.0/i586/ghostscript-common-8.60-55.4mdv2008.0.i586.rpm
 bae51676f8d807bbdb89ce1c6c5480c6  2008.0/i586/ghostscript-doc-8.60-55.4mdv2008.0.i586.rpm
 5fef2add7461a2403a511844d20c7987  2008.0/i586/ghostscript-dvipdf-8.60-55.4mdv2008.0.i586.rpm
 676509ea8efbcc200f3249d6ddfd4415  2008.0/i586/ghostscript-module-X-8.60-55.4mdv2008.0.i586.rpm
 3210c5240f1fb6a35ebc7e548702ed52  2008.0/i586/ghostscript-X-8.60-55.4mdv2008.0.i586.rpm
 c0ec0c5654838c2d651b874fd31ab1d4  2008.0/i586/libgs8-8.60-55.4mdv2008.0.i586.rpm
 5245c2f5fda2a26194d80eae9ed95eee  2008.0/i586/libgs8-devel-8.60-55.4mdv2008.0.i586.rpm
 160058f2cf27d3a206349a7d9e95fe36  2008.0/i586/libijs1-0.35-55.4mdv2008.0.i586.rpm
 15af2da5f6685e7099407a5433590d6f  2008.0/i586/libijs1-devel-0.35-55.4mdv2008.0.i586.rpm 
 3660d3ab7bf3f0549df5ee5c0fe75282  2008.0/SRPMS/ghostscript-8.60-55.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 af8fa9e179d9424936442ccd8652768c  2008.0/x86_64/ghostscript-8.60-55.4mdv2008.0.x86_64.rpm
 ecb7f8866d1a81253f05a8969ca5298b  2008.0/x86_64/ghostscript-common-8.60-55.4mdv2008.0.x86_64.rpm
 154917c6a3e62e1c8a732b967bed17bd  2008.0/x86_64/ghostscript-doc-8.60-55.4mdv2008.0.x86_64.rpm
 425f73ed07473af4bb82441eedeb312c  2008.0/x86_64/ghostscript-dvipdf-8.60-55.4mdv2008.0.x86_64.rpm
 9c1651257fa13099729eb46122f670c9  2008.0/x86_64/ghostscript-module-X-8.60-55.4mdv2008.0.x86_64.rpm
 76cb1271dd09aea19b6836776b44a823  2008.0/x86_64/ghostscript-X-8.60-55.4mdv2008.0.x86_64.rpm
 1f126e7c633c6f0c0cef3b6562f4ed66  2008.0/x86_64/lib64gs8-8.60-55.4mdv2008.0.x86_64.rpm
 f8b9da1f427dacafaf02ab1bd9bf265d  2008.0/x86_64/lib64gs8-devel-8.60-55.4mdv2008.0.x86_64.rpm
 ee83e8a4732e7d32770ac78b639022b7  2008.0/x86_64/lib64ijs1-0.35-55.4mdv2008.0.x86_64.rpm
 4f8628d00af7b4ecfaa0a3ccacdb1ed4  2008.0/x86_64/lib64ijs1-devel-0.35-55.4mdv2008.0.x86_64.rpm 
 3660d3ab7bf3f0549df5ee5c0fe75282  2008.0/SRPMS/ghostscript-8.60-55.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 313c90cbecfb0550d694465260cbb20f  2009.0/i586/ghostscript-8.63-62.4mdv2009.0.i586.rpm
 92529376e7d97597d7e26b78907a1ef7  2009.0/i586/ghostscript-common-8.63-62.4mdv2009.0.i586.rpm
 44a4a7e35bc90c9e182a11914e3c544e  2009.0/i586/ghostscript-doc-8.63-62.4mdv2009.0.i586.rpm
 bf0ccaf33210a597f13a50c4cdd2ed5a  2009.0/i586/ghostscript-dvipdf-8.63-62.4mdv2009.0.i586.rpm
 6f51150145c3f4c4dcf6246d4d09ae34  2009.0/i586/ghostscript-module-X-8.63-62.4mdv2009.0.i586.rpm
 aeedaac055088476373e4132e6246aa8  2009.0/i586/ghostscript-X-8.63-62.4mdv2009.0.i586.rpm
 da6acb6651bef2476e57a8e532bfa1df  2009.0/i586/libgs8-8.63-62.4mdv2009.0.i586.rpm
 7cf648668272889a57f24ecda15d61fe  2009.0/i586/libgs8-devel-8.63-62.4mdv2009.0.i586.rpm
 5d6f3e8918640c1613b1c52a2ee5be9c  2009.0/i586/libijs1-0.35-62.4mdv2009.0.i586.rpm
 5c86592e180faf768e4df4294f173d77  2009.0/i586/libijs1-devel-0.35-62.4mdv2009.0.i586.rpm 
 0f4df74cabfdabb8044df866629ded1d  2009.0/SRPMS/ghostscript-8.63-62.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4d99897152b722af1790ee2d21477f98  2009.0/x86_64/ghostscript-8.63-62.4mdv2009.0.x86_64.rpm
 f7b37265291b0009eb9192e54ae85ae5  2009.0/x86_64/ghostscript-common-8.63-62.4mdv2009.0.x86_64.rpm
 84328212d3054a260794c71c2b98d378  2009.0/x86_64/ghostscript-doc-8.63-62.4mdv2009.0.x86_64.rpm
 80b3021580aaf26899a76d50105afc12  2009.0/x86_64/ghostscript-dvipdf-8.63-62.4mdv2009.0.x86_64.rpm
 dc8dd899efe90df34ba88b179544234d  2009.0/x86_64/ghostscript-module-X-8.63-62.4mdv2009.0.x86_64.rpm
 46eca8c6a32a8ed1187d9ec73ceddc51  2009.0/x86_64/ghostscript-X-8.63-62.4mdv2009.0.x86_64.rpm
 c84e7a4d7ac2787413a170f8cf717ab2  2009.0/x86_64/lib64gs8-8.63-62.4mdv2009.0.x86_64.rpm
 a6e22b819a271a8b3b9be359bf9a9322  2009.0/x86_64/lib64gs8-devel-8.63-62.4mdv2009.0.x86_64.rpm
 11d9d6d305015e0b5f3476d16f035289  2009.0/x86_64/lib64ijs1-0.35-62.4mdv2009.0.x86_64.rpm
 ed90dc82c29f5fe1eeb8ecbc6a430e2a  2009.0/x86_64/lib64ijs1-devel-0.35-62.4mdv2009.0.x86_64.rpm 
 0f4df74cabfdabb8044df866629ded1d  2009.0/SRPMS/ghostscript-8.63-62.4mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 b347c5be523982da5b669b4ebca2e0ba  2009.1/i586/ghostscript-8.64-65.2mdv2009.1.i586.rpm
 b6ecc633210f7012c39aaad50ced24db  2009.1/i586/ghostscript-common-8.64-65.2mdv2009.1.i586.rpm
 4e5f0f9f1e0ed63779cfd0e58bcbeb2f  2009.1/i586/ghostscript-doc-8.64-65.2mdv2009.1.i586.rpm
 0b9eb533d78d8ac0edfe21b74879b3c7  2009.1/i586/ghostscript-dvipdf-8.64-65.2mdv2009.1.i586.rpm
 11630a17c9c82c899c965e76f0c563da  2009.1/i586/ghostscript-module-X-8.64-65.2mdv2009.1.i586.rpm
 f564cd779df316cfbbebcc105a8e28d2  2009.1/i586/ghostscript-X-8.64-65.2mdv2009.1.i586.rpm
 4ea5a21cfdd3d1d7128d4c07b14b39dd  2009.1/i586/libgs8-8.64-65.2mdv2009.1.i586.rpm
 5498873fa9c05f336acc16c1993b0797  2009.1/i586/libgs8-devel-8.64-65.2mdv2009.1.i586.rpm
 18e11befa41022995911ff65a7b807c3  2009.1/i586/libijs1-0.35-65.2mdv2009.1.i586.rpm
 190fbe724fb037dd3929da67a594c928  2009.1/i586/libijs1-devel-0.35-65.2mdv2009.1.i586.rpm 
 13d3c8bfdb740bf7b451fe4863227024  2009.1/SRPMS/ghostscript-8.64-65.2mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 f367530ff49048e50fa6dae831c85dda  2009.1/x86_64/ghostscript-8.64-65.2mdv2009.1.x86_64.rpm
 bc898737acfc5e8438b385598ae9b46e  2009.1/x86_64/ghostscript-common-8.64-65.2mdv2009.1.x86_64.rpm
 fc01dbc8a909ab2e7d02d9b709e82871  2009.1/x86_64/ghostscript-doc-8.64-65.2mdv2009.1.x86_64.rpm
 694077d119862d5f4823492969088b3f  2009.1/x86_64/ghostscript-dvipdf-8.64-65.2mdv2009.1.x86_64.rpm
 f6bec3c1704e462749de36c46f4db204  2009.1/x86_64/ghostscript-module-X-8.64-65.2mdv2009.1.x86_64.rpm
 9b2717c43494f263d7a37e25a19bdcc1  2009.1/x86_64/ghostscript-X-8.64-65.2mdv2009.1.x86_64.rpm
 29df7661133e45f7769f776041288e51  2009.1/x86_64/lib64gs8-8.64-65.2mdv2009.1.x86_64.rpm
 ed3fc7c79b8f5e23cfaa32601501a69b  2009.1/x86_64/lib64gs8-devel-8.64-65.2mdv2009.1.x86_64.rpm
 0dd8294088520e83ffcb0818ecdb7ad3  2009.1/x86_64/lib64ijs1-0.35-65.2mdv2009.1.x86_64.rpm
 b1fcb9b697ec0717f3f27b94da1767d6  2009.1/x86_64/lib64ijs1-devel-0.35-65.2mdv2009.1.x86_64.rpm 
 13d3c8bfdb740bf7b451fe4863227024  2009.1/SRPMS/ghostscript-8.64-65.2mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 7a648f7050536a867d407999c02efe53  2010.0/i586/ghostscript-8.64-69.1mdv2010.0.i586.rpm
 50e716baff81b930f25807f6e38aa084  2010.0/i586/ghostscript-common-8.64-69.1mdv2010.0.i586.rpm
 73c2017d6a19d94edbf20474873e6eac  2010.0/i586/ghostscript-doc-8.64-69.1mdv2010.0.i586.rpm
 0146e7c7ce4b5ed519654fe6ea618ba3  2010.0/i586/ghostscript-dvipdf-8.64-69.1mdv2010.0.i586.rpm
 c38e2e9b62814ddff5c43edf20c9feac  2010.0/i586/ghostscript-module-X-8.64-69.1mdv2010.0.i586.rpm
 2d89a346e39d48cb8a0949fa7545e7ce  2010.0/i586/ghostscript-X-8.64-69.1mdv2010.0.i586.rpm
 a38d3c8e82aff09967da065417d18367  2010.0/i586/libgs8-8.64-69.1mdv2010.0.i586.rpm
 eca82980f75e33be4f5e9357f1affb1c  2010.0/i586/libgs8-devel-8.64-69.1mdv2010.0.i586.rpm
 13ad034d9c766245e688d000c4d3aca5  2010.0/i586/libijs1-0.35-69.1mdv2010.0.i586.rpm
 83c45b12a0fa06e9f76aa5da146a7b54  2010.0/i586/libijs1-devel-0.35-69.1mdv2010.0.i586.rpm 
 05633c1ea524326727a7db485c72539f  2010.0/SRPMS/ghostscript-8.64-69.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 de947e192d4fd19c3757371b04d47115  2010.0/x86_64/ghostscript-8.64-69.1mdv2010.0.x86_64.rpm
 af183bf415c188407626d3028c96fcfb  2010.0/x86_64/ghostscript-common-8.64-69.1mdv2010.0.x86_64.rpm
 db4dd5a32f5ac87dad503f3b3b4648f5  2010.0/x86_64/ghostscript-doc-8.64-69.1mdv2010.0.x86_64.rpm
 8deb6ff64eaec9a9a2b8fa6b8e36a23b  2010.0/x86_64/ghostscript-dvipdf-8.64-69.1mdv2010.0.x86_64.rpm
 56cd07afffaf82faebb76bdc317a4b79  2010.0/x86_64/ghostscript-module-X-8.64-69.1mdv2010.0.x86_64.rpm
 564cc4f8a43caf41d3faf56848dddb1f  2010.0/x86_64/ghostscript-X-8.64-69.1mdv2010.0.x86_64.rpm
 a4379f933a5fe1e06132b91ab2a592e7  2010.0/x86_64/lib64gs8-8.64-69.1mdv2010.0.x86_64.rpm
 5288d2a1807da31f2b3884034f3c43aa  2010.0/x86_64/lib64gs8-devel-8.64-69.1mdv2010.0.x86_64.rpm
 92adaf591aba09e6735c4e764764b3a8  2010.0/x86_64/lib64ijs1-0.35-69.1mdv2010.0.x86_64.rpm
 9bb1e4d39faf5a197f250b0f2a8347dd  2010.0/x86_64/lib64ijs1-devel-0.35-69.1mdv2010.0.x86_64.rpm 
 05633c1ea524326727a7db485c72539f  2010.0/SRPMS/ghostscript-8.64-69.1mdv2010.0.src.rpm

 Corporate 4.0:
 9cb8f3900c93bb991986ba9cb4bc30e8  corporate/4.0/i586/ghostscript-8.15-46.3.20060mlcs4.i586.rpm
 f828214a2c138a3d85120d30dec34c4d  corporate/4.0/i586/ghostscript-common-8.15-46.3.20060mlcs4.i586.rpm
 bf635e5a119e66182b3eb60af9aad944  corporate/4.0/i586/ghostscript-dvipdf-8.15-46.3.20060mlcs4.i586.rpm
 a91390460c04bf47be2600ac75120241  corporate/4.0/i586/ghostscript-module-X-8.15-46.3.20060mlcs4.i586.rpm
 e0c399cff8fa6c20526aec6df79c3fd8  corporate/4.0/i586/ghostscript-X-8.15-46.3.20060mlcs4.i586.rpm
 21741e45e78a0c2dec56f59e711ce09e  corporate/4.0/i586/libgs8-8.15-46.3.20060mlcs4.i586.rpm
 69185151ea9b0f1e3a0a60a391a0506e  corporate/4.0/i586/libgs8-devel-8.15-46.3.20060mlcs4.i586.rpm
 72222457301550f58dee02d070b1ed95  corporate/4.0/i586/libijs1-0.35-46.3.20060mlcs4.i586.rpm
 c8f5c821561fb3baf9acf7496d3e7b3a  corporate/4.0/i586/libijs1-devel-0.35-46.3.20060mlcs4.i586.rpm 
 4f4fbfbe952492d6cb028020b11503de  corporate/4.0/SRPMS/ghostscript-8.15-46.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5b33ba915d6261abbfc6dad1222a8bff  corporate/4.0/x86_64/ghostscript-8.15-46.3.20060mlcs4.x86_64.rpm
 5093e1bc56583303dd20d3f5f9194239  corporate/4.0/x86_64/ghostscript-common-8.15-46.3.20060mlcs4.x86_64.rpm
 15a3f7d7631b5c3815e23aef619b74ad  corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.3.20060mlcs4.x86_64.rpm
 97a12577502cca5c55ec473b02c4513f  corporate/4.0/x86_64/ghostscript-module-X-8.15-46.3.20060mlcs4.x86_64.rpm
 bd3cdc393b6ee0178e4c5c9f04197d90  corporate/4.0/x86_64/ghostscript-X-8.15-46.3.20060mlcs4.x86_64.rpm
 698f95ea98989cc550e538ee84d81165  corporate/4.0/x86_64/lib64gs8-8.15-46.3.20060mlcs4.x86_64.rpm
 4d9ecd9c9653a9919dc3a94c19ad2fd8  corporate/4.0/x86_64/lib64gs8-devel-8.15-46.3.20060mlcs4.x86_64.rpm
 b4b6bb5147eeae90de565fdb36bc497c  corporate/4.0/x86_64/lib64ijs1-0.35-46.3.20060mlcs4.x86_64.rpm
 7bcfd3d13f3fd56f250d45c1951ec716  corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.3.20060mlcs4.x86_64.rpm 
 4f4fbfbe952492d6cb028020b11503de  corporate/4.0/SRPMS/ghostscript-8.15-46.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 86624ba14e7c0fdd9856725dfe7644e7  mes5/i586/ghostscript-8.63-62.4mdvmes5.1.i586.rpm
 2b124bd39a9b6cd96de26f657fde5dbd  mes5/i586/ghostscript-common-8.63-62.4mdvmes5.1.i586.rpm
 eb3b05bca5cbc8edce86d83ed908ea7f  mes5/i586/ghostscript-doc-8.63-62.4mdvmes5.1.i586.rpm
 31593b2e8da79e4af8afbcfb8899ea43  mes5/i586/ghostscript-dvipdf-8.63-62.4mdvmes5.1.i586.rpm
 1d8254b2063933769c5f58bb45553bff  mes5/i586/ghostscript-module-X-8.63-62.4mdvmes5.1.i586.rpm
 070c094d2195733316efb75c416bc612  mes5/i586/ghostscript-X-8.63-62.4mdvmes5.1.i586.rpm
 b23d826a174479964126b73ff3238495  mes5/i586/libgs8-8.63-62.4mdvmes5.1.i586.rpm
 79da2ab04cc49f3cf33f5a22d8e368a3  mes5/i586/libgs8-devel-8.63-62.4mdvmes5.1.i586.rpm
 54f4c76fdda312a6332acbc733413363  mes5/i586/libijs1-0.35-62.4mdvmes5.1.i586.rpm
 a168e7f8498acd6c1c89187b43918971  mes5/i586/libijs1-devel-0.35-62.4mdvmes5.1.i586.rpm 
 0bca27a00704c2ac8896caaba43aa8cb  mes5/SRPMS/ghostscript-8.63-62.4mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 6546f0b510efbe11367ea5c14d84ced7  mes5/x86_64/ghostscript-8.63-62.4mdvmes5.1.x86_64.rpm
 df26a454dfb3d9feb396133c93a5bacd  mes5/x86_64/ghostscript-common-8.63-62.4mdvmes5.1.x86_64.rpm
 2da8d9cdab1e81d2bca5a32f9d17838d  mes5/x86_64/ghostscript-doc-8.63-62.4mdvmes5.1.x86_64.rpm
 d42d41adea2a77cf0dd204222d1fcd3c  mes5/x86_64/ghostscript-dvipdf-8.63-62.4mdvmes5.1.x86_64.rpm
 2c8bdac0fc03185381918a5471104bf9  mes5/x86_64/ghostscript-module-X-8.63-62.4mdvmes5.1.x86_64.rpm
 2f8c45e461f2365641ad973c294cf246  mes5/x86_64/ghostscript-X-8.63-62.4mdvmes5.1.x86_64.rpm
 0cc3dfad8881a1b2e7440b9a88463720  mes5/x86_64/lib64gs8-8.63-62.4mdvmes5.1.x86_64.rpm
 a3282f4cb62138b656e9e2b499a362bd  mes5/x86_64/lib64gs8-devel-8.63-62.4mdvmes5.1.x86_64.rpm
 ba01f7b7ed7e9de0b68b138ceaf09229  mes5/x86_64/lib64ijs1-0.35-62.4mdvmes5.1.x86_64.rpm
 726fe6f338a3f4db537d99f14abc6d81  mes5/x86_64/lib64ijs1-devel-0.35-62.4mdvmes5.1.x86_64.rpm 
 0bca27a00704c2ac8896caaba43aa8cb  mes5/SRPMS/ghostscript-8.63-62.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL9Bk1mqjQ0CJFipgRAhZmAJ9JHzNBU4Q6OlJcIMoyQ50LW/+4BQCgv+rh
nO++o+wcghpkSCXfpkasmSk=
=q2JM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ