Message-Id: <E1OEpxo-0005qU-Qa@titan.mandriva.com>
Date: Wed, 19 May 2010 22:34:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:102 ] ghostscript
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:102
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : May 19, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

A vulnerability has been found and corrected in ghostscript:

Stack-based buffer overflow in the parser function in GhostScript 8.70
and 8.64 allows context-dependent attackers to execute arbitrary code
via a crafted PostScript file (CVE-2010-1869).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL9Bk1mqjQ0CJFipgRAhZmAJ9JHzNBU4Q6OlJcIMoyQ50LW/+4BQCgv+rh
nO++o+wcghpkSCXfpkasmSk=
=q2JM
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/