lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OZYZw-0000Nf-84@titan.mandriva.com>
Date: Fri, 16 Jul 2010 02:15:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:134 ] ghostscript


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:134
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ghostscript
 Date    : July 15, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in ghostscript:
 
 Stack-based buffer overflow in the errprintf function in base/gsmisc.c
 in ghostscript 8.64 through 8.70 allows remote attackers to cause a
 denial of service (crash) and possibly execute arbitrary code via a
 crafted PDF file, as originally reported for debug logging code in
 gdevcups.c in the CUPS output driver (CVE-2009-4270).
 
 Ghostscript 8.64, 8.70, and possibly other versions allows
 context-dependent attackers to execute arbitrary code via a
 PostScript file containing unlimited recursive procedure invocations,
 which trigger memory corruption in the stack of the interpreter
 (CVE-2010-1628).
 
 As a precaution ghostscriptc has been rebuilt to link against the
 system libpng library which was fixed with MDVSA-2010:133
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 77eb5421a46b0d03ca9d58116a0280f9  2008.0/i586/ghostscript-8.60-55.5mdv2008.0.i586.rpm
 5a39cfe3e1aba95a8d658759a3a5119e  2008.0/i586/ghostscript-common-8.60-55.5mdv2008.0.i586.rpm
 3b5e53fd83a0e41975cc84c329c21594  2008.0/i586/ghostscript-doc-8.60-55.5mdv2008.0.i586.rpm
 5dcd284dfa85fc4b575e012edd3b39db  2008.0/i586/ghostscript-dvipdf-8.60-55.5mdv2008.0.i586.rpm
 0da4a916b42c7b2e31b496ce9978da90  2008.0/i586/ghostscript-module-X-8.60-55.5mdv2008.0.i586.rpm
 32f750da9a64ae9a25391515b72dd1ca  2008.0/i586/ghostscript-X-8.60-55.5mdv2008.0.i586.rpm
 ce643129766855bf3976fb29be85684b  2008.0/i586/libgs8-8.60-55.5mdv2008.0.i586.rpm
 edc97f2de46cb03283436b15b93cd093  2008.0/i586/libgs8-devel-8.60-55.5mdv2008.0.i586.rpm
 3e3241cb2ff1f10159e4d20110de28ae  2008.0/i586/libijs1-0.35-55.5mdv2008.0.i586.rpm
 4a9ee540dd1cf0af9f1580b4e85e95c0  2008.0/i586/libijs1-devel-0.35-55.5mdv2008.0.i586.rpm 
 05e58cdb44a830721622f03f262c858b  2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 66084a543e49442a6c4c9643cf820d94  2008.0/x86_64/ghostscript-8.60-55.5mdv2008.0.x86_64.rpm
 53145f9250eba28db65dd84697387ec5  2008.0/x86_64/ghostscript-common-8.60-55.5mdv2008.0.x86_64.rpm
 f5345590252c85fe0f95917ddaf16f6e  2008.0/x86_64/ghostscript-doc-8.60-55.5mdv2008.0.x86_64.rpm
 57ec8f3f89ebc005db47f0785a807118  2008.0/x86_64/ghostscript-dvipdf-8.60-55.5mdv2008.0.x86_64.rpm
 63ad2bcb12966485bcea3495139e1ebd  2008.0/x86_64/ghostscript-module-X-8.60-55.5mdv2008.0.x86_64.rpm
 7cf90c19eba8a01dd056723e27a51f40  2008.0/x86_64/ghostscript-X-8.60-55.5mdv2008.0.x86_64.rpm
 ac8802d8efa7366b30e49883dca1295d  2008.0/x86_64/lib64gs8-8.60-55.5mdv2008.0.x86_64.rpm
 e9caace723a0beae5d4183c6b96de445  2008.0/x86_64/lib64gs8-devel-8.60-55.5mdv2008.0.x86_64.rpm
 798a01a8db97ea16d98e81ba6c8dea8e  2008.0/x86_64/lib64ijs1-0.35-55.5mdv2008.0.x86_64.rpm
 3181d98d311b12946dc1042d89869529  2008.0/x86_64/lib64ijs1-devel-0.35-55.5mdv2008.0.x86_64.rpm 
 05e58cdb44a830721622f03f262c858b  2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 a352af34572fb9e61623d4300c55d871  2009.0/i586/ghostscript-8.63-62.5mdv2009.0.i586.rpm
 803e53b01b231e877e20ae4568c4f8e9  2009.0/i586/ghostscript-common-8.63-62.5mdv2009.0.i586.rpm
 b5ae1e9bd8005bc6488e69118595f251  2009.0/i586/ghostscript-doc-8.63-62.5mdv2009.0.i586.rpm
 05962f8f37a5f88bf8386f20860c4f62  2009.0/i586/ghostscript-dvipdf-8.63-62.5mdv2009.0.i586.rpm
 214945b1dd718ca417a3ce68e419f620  2009.0/i586/ghostscript-module-X-8.63-62.5mdv2009.0.i586.rpm
 c0529b523a194b493c1b940bec07c430  2009.0/i586/ghostscript-X-8.63-62.5mdv2009.0.i586.rpm
 a70d34ac01d71685dc8c8494c8626896  2009.0/i586/libgs8-8.63-62.5mdv2009.0.i586.rpm
 a02fe0054f39218ef0c4567d977fb352  2009.0/i586/libgs8-devel-8.63-62.5mdv2009.0.i586.rpm
 4e289a72cd71091d2edb82061a400244  2009.0/i586/libijs1-0.35-62.5mdv2009.0.i586.rpm
 ae1a12a3fd40a00b5c0de26a548aef19  2009.0/i586/libijs1-devel-0.35-62.5mdv2009.0.i586.rpm 
 b637e0180a53c807e7140e2f85925a6a  2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 3f9f69cf8152862a4b31b7ea4c13b2ac  2009.0/x86_64/ghostscript-8.63-62.5mdv2009.0.x86_64.rpm
 fb79da17f6fc6046cf4929e18e6a288d  2009.0/x86_64/ghostscript-common-8.63-62.5mdv2009.0.x86_64.rpm
 360a7b1646f34a4efe01537b0cc60c66  2009.0/x86_64/ghostscript-doc-8.63-62.5mdv2009.0.x86_64.rpm
 1c63d2d891288d29bd92373184fe5b4d  2009.0/x86_64/ghostscript-dvipdf-8.63-62.5mdv2009.0.x86_64.rpm
 e5f01a1b3ef5578a7018a58f505ed7d5  2009.0/x86_64/ghostscript-module-X-8.63-62.5mdv2009.0.x86_64.rpm
 b6f421b572edf107cad43ceae7fd3c1c  2009.0/x86_64/ghostscript-X-8.63-62.5mdv2009.0.x86_64.rpm
 987f21c61e8f0912e50b1a95c1cb7038  2009.0/x86_64/lib64gs8-8.63-62.5mdv2009.0.x86_64.rpm
 75f5bb7525ceb5d62b7c39d0b14990d4  2009.0/x86_64/lib64gs8-devel-8.63-62.5mdv2009.0.x86_64.rpm
 48b98d77285131b557a414044edb1668  2009.0/x86_64/lib64ijs1-0.35-62.5mdv2009.0.x86_64.rpm
 7067034cd5f794f80003f1e99d39d685  2009.0/x86_64/lib64ijs1-devel-0.35-62.5mdv2009.0.x86_64.rpm 
 b637e0180a53c807e7140e2f85925a6a  2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 32dd01420bbe2d9a92871d3738f2da4e  2009.1/i586/ghostscript-8.64-65.3mdv2009.1.i586.rpm
 23e4d42365de5b46d4c5c9054f74346b  2009.1/i586/ghostscript-common-8.64-65.3mdv2009.1.i586.rpm
 b57dcba125a5690dcc28cdb8c05f4332  2009.1/i586/ghostscript-doc-8.64-65.3mdv2009.1.i586.rpm
 f4b88cdf43836f42ddceb8a1aabe763f  2009.1/i586/ghostscript-dvipdf-8.64-65.3mdv2009.1.i586.rpm
 0cc3d0308cd23be9824c1200e898b714  2009.1/i586/ghostscript-module-X-8.64-65.3mdv2009.1.i586.rpm
 ebb659e60af62c274bef282022152d38  2009.1/i586/ghostscript-X-8.64-65.3mdv2009.1.i586.rpm
 ff943713120978fab615299743cfa51f  2009.1/i586/libgs8-8.64-65.3mdv2009.1.i586.rpm
 ec0c79022a682afae03f93fe1cc8a39f  2009.1/i586/libgs8-devel-8.64-65.3mdv2009.1.i586.rpm
 751d6177f35e9ffcd9756f7ce2316105  2009.1/i586/libijs1-0.35-65.3mdv2009.1.i586.rpm
 4b2a5919a2aff5cea48818060fdeabdc  2009.1/i586/libijs1-devel-0.35-65.3mdv2009.1.i586.rpm 
 c867b4c99ead7107153a45dcd132b552  2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 f64004b9f8ac0babd18ef804baee8e42  2009.1/x86_64/ghostscript-8.64-65.3mdv2009.1.x86_64.rpm
 c9eded731e1fb8e0656d223cc8a70f13  2009.1/x86_64/ghostscript-common-8.64-65.3mdv2009.1.x86_64.rpm
 94d39d62799e4140c6bdd8c77d3c5ee2  2009.1/x86_64/ghostscript-doc-8.64-65.3mdv2009.1.x86_64.rpm
 11f9e7b24d865dc1cc9c4f98a5c818d1  2009.1/x86_64/ghostscript-dvipdf-8.64-65.3mdv2009.1.x86_64.rpm
 db63a65d1e861654b4a122b219ad8ce0  2009.1/x86_64/ghostscript-module-X-8.64-65.3mdv2009.1.x86_64.rpm
 35588ab514e30f1ff522c93c04b3d0ac  2009.1/x86_64/ghostscript-X-8.64-65.3mdv2009.1.x86_64.rpm
 1f9e3b056ace305a8dd051adbddfa447  2009.1/x86_64/lib64gs8-8.64-65.3mdv2009.1.x86_64.rpm
 09dd08b131fd2ced7c7a37915d8ea814  2009.1/x86_64/lib64gs8-devel-8.64-65.3mdv2009.1.x86_64.rpm
 c1fa0c4f8f66994067a0ecc8e62d3d98  2009.1/x86_64/lib64ijs1-0.35-65.3mdv2009.1.x86_64.rpm
 6a8269b04a47973e584e9f688f1f495c  2009.1/x86_64/lib64ijs1-devel-0.35-65.3mdv2009.1.x86_64.rpm 
 c867b4c99ead7107153a45dcd132b552  2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 49383f4ecfb6c67f90b4253f2086a4ef  2010.0/i586/ghostscript-8.64-69.2mdv2010.0.i586.rpm
 f9aca4fbc7cca234123d3c5af21c6f97  2010.0/i586/ghostscript-common-8.64-69.2mdv2010.0.i586.rpm
 6a0128bd507a0b80b3933de2227dbbd1  2010.0/i586/ghostscript-doc-8.64-69.2mdv2010.0.i586.rpm
 e6390ef67a422eef9728e694b28aeb93  2010.0/i586/ghostscript-dvipdf-8.64-69.2mdv2010.0.i586.rpm
 78ede34b12fa4bfa6e22e9ee4987831e  2010.0/i586/ghostscript-module-X-8.64-69.2mdv2010.0.i586.rpm
 d51a4cc8715d52b9421f5f95ae750085  2010.0/i586/ghostscript-X-8.64-69.2mdv2010.0.i586.rpm
 be5f616da9bd1c3418b0f47d570df3b7  2010.0/i586/libgs8-8.64-69.2mdv2010.0.i586.rpm
 7d19299369d8ea4ae713670475722fe2  2010.0/i586/libgs8-devel-8.64-69.2mdv2010.0.i586.rpm
 998d12bc315dcff5def6fe2a937175ff  2010.0/i586/libijs1-0.35-69.2mdv2010.0.i586.rpm
 55f1a1c8a8a9da32e4129969ecbd7b4a  2010.0/i586/libijs1-devel-0.35-69.2mdv2010.0.i586.rpm 
 3304d6203f6a6df245c3a719267006bc  2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8c7785864300bc175e8f0de15e9039a7  2010.0/x86_64/ghostscript-8.64-69.2mdv2010.0.x86_64.rpm
 8b3434aa65e1751390e2976f4d209593  2010.0/x86_64/ghostscript-common-8.64-69.2mdv2010.0.x86_64.rpm
 0f0945a3a1e410359248f508971e3ac8  2010.0/x86_64/ghostscript-doc-8.64-69.2mdv2010.0.x86_64.rpm
 6da764113d1bfbc952050b804b83bbd5  2010.0/x86_64/ghostscript-dvipdf-8.64-69.2mdv2010.0.x86_64.rpm
 34718b39dd7b09d52e628f0db0f776b0  2010.0/x86_64/ghostscript-module-X-8.64-69.2mdv2010.0.x86_64.rpm
 d3b3227b352b02514f8010b5cf107c96  2010.0/x86_64/ghostscript-X-8.64-69.2mdv2010.0.x86_64.rpm
 0b92a8f8b4473c75f18fd9d1b25d1ae2  2010.0/x86_64/lib64gs8-8.64-69.2mdv2010.0.x86_64.rpm
 f0d9d3af320d1df93720d9c02f9a5498  2010.0/x86_64/lib64gs8-devel-8.64-69.2mdv2010.0.x86_64.rpm
 f264cb770d9532c68ee69c3e48a6472d  2010.0/x86_64/lib64ijs1-0.35-69.2mdv2010.0.x86_64.rpm
 1b043258fa19ffe7e3b75f12c9872313  2010.0/x86_64/lib64ijs1-devel-0.35-69.2mdv2010.0.x86_64.rpm 
 3304d6203f6a6df245c3a719267006bc  2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 5e83aa57503fbbc9208881c41bf0617d  mes5/i586/ghostscript-8.63-62.5mdvmes5.1.i586.rpm
 dcca03b0ae071f83d49a3df7dfe5be04  mes5/i586/ghostscript-common-8.63-62.5mdvmes5.1.i586.rpm
 f6519be8e34bf9deabf5f9a8fab97b9d  mes5/i586/ghostscript-doc-8.63-62.5mdvmes5.1.i586.rpm
 22ad173ae67e7febf9b052f5659936d8  mes5/i586/ghostscript-dvipdf-8.63-62.5mdvmes5.1.i586.rpm
 47f9eb2574eff34348b41a0124171056  mes5/i586/ghostscript-module-X-8.63-62.5mdvmes5.1.i586.rpm
 71a6d36a00f818cfbdff90010563bd1c  mes5/i586/ghostscript-X-8.63-62.5mdvmes5.1.i586.rpm
 cd879dd0960d9f46ea929d2ff515390a  mes5/i586/libgs8-8.63-62.5mdvmes5.1.i586.rpm
 653648203476bfbf855139a4b380394b  mes5/i586/libgs8-devel-8.63-62.5mdvmes5.1.i586.rpm
 6985d25ec775b44ffe31a91e09aaa2c1  mes5/i586/libijs1-0.35-62.5mdvmes5.1.i586.rpm
 caf102b269fca1da65f74c0e8beb2089  mes5/i586/libijs1-devel-0.35-62.5mdvmes5.1.i586.rpm 
 effe8f02d35bd41f611c0f99f834c6b1  mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4a2946625f401314a651997e033ac21d  mes5/x86_64/ghostscript-8.63-62.5mdvmes5.1.x86_64.rpm
 ba4bc52599001153edf1e98a8e6ca848  mes5/x86_64/ghostscript-common-8.63-62.5mdvmes5.1.x86_64.rpm
 00297d12b503b3f5659659b440bcd49e  mes5/x86_64/ghostscript-doc-8.63-62.5mdvmes5.1.x86_64.rpm
 d10f7b6178049a5751d3415c683d9588  mes5/x86_64/ghostscript-dvipdf-8.63-62.5mdvmes5.1.x86_64.rpm
 bfd9c01188f12d58ce93ce2ef82ae167  mes5/x86_64/ghostscript-module-X-8.63-62.5mdvmes5.1.x86_64.rpm
 3d5c373f2938b0ac44bfb2b6229a7593  mes5/x86_64/ghostscript-X-8.63-62.5mdvmes5.1.x86_64.rpm
 599f1a6c68cb3d7013393e53dfd6521d  mes5/x86_64/lib64gs8-8.63-62.5mdvmes5.1.x86_64.rpm
 f715b89840a0cd1eda5fced024e132e0  mes5/x86_64/lib64gs8-devel-8.63-62.5mdvmes5.1.x86_64.rpm
 22e46de13ec51543c6c4c146d09ee789  mes5/x86_64/lib64ijs1-0.35-62.5mdvmes5.1.x86_64.rpm
 06795e43a579200b1175a6a7cbcd0e6a  mes5/x86_64/lib64ijs1-devel-0.35-62.5mdvmes5.1.x86_64.rpm 
 effe8f02d35bd41f611c0f99f834c6b1  mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMP3MqmqjQ0CJFipgRArDeAJ46HoacyStwR/xYVe5OcrxMtWiNvwCfWA5I
lSnMvrv7yLKJSEHbmeoifjo=
=HgXd
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ