To: [email protected]Subject: [ MDVSA-2009:144 ] ghostscript
Date: Sat, 27 Jun 2009 21:04:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MKdBx-00065N-SG@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:144
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : June 27, 2009
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in ghostscript:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
Previousely the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library which
makes it easier to address presumptive future security issues in the
jasper library.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
64de52ad8197e811b96671e9a730e3c0 2008.1/i586/ghostscript-8.61-60.2mdv2008.1.i586.rpm
45c1d4890c5c8b088e7a022fbbdc6dd9 2008.1/i586/ghostscript-common-8.61-60.2mdv2008.1.i586.rpm
a302314dd1cbe2460f27448adb59e826 2008.1/i586/ghostscript-doc-8.61-60.2mdv2008.1.i586.rpm
0e613f9e659e078bdab3d13a78f809a0 2008.1/i586/ghostscript-dvipdf-8.61-60.2mdv2008.1.i586.rpm
1a446b7c9285b32e7123913ab06a7b23 2008.1/i586/ghostscript-module-X-8.61-60.2mdv2008.1.i586.rpm
1225f21b30cb7ed380539e2d141f3d33 2008.1/i586/ghostscript-X-8.61-60.2mdv2008.1.i586.rpm
dd540467728f5e66bd37a1f49c0976a9 2008.1/i586/libgs8-8.61-60.2mdv2008.1.i586.rpm
dfbca51c10471f7cc8c5d2f8e09cda58 2008.1/i586/libgs8-devel-8.61-60.2mdv2008.1.i586.rpm
b6eae4883e5d9d76b2941f5f2ad2e63d 2008.1/i586/libijs1-0.35-60.2mdv2008.1.i586.rpm
37cedb3f1887c5fcd1c6e025c3af9a75 2008.1/i586/libijs1-devel-0.35-60.2mdv2008.1.i586.rpm
3b4d9f79b3e583c2a8c87f9662a370ec 2008.1/SRPMS/ghostscript-8.61-60.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
7575892730d45a63ecaf87c8c5396a5f 2008.1/x86_64/ghostscript-8.61-60.2mdv2008.1.x86_64.rpm
187caf1e05d6e108c040de51e9c0c2cf 2008.1/x86_64/ghostscript-common-8.61-60.2mdv2008.1.x86_64.rpm
370204ee2097294f44359fd3e23354cd 2008.1/x86_64/ghostscript-doc-8.61-60.2mdv2008.1.x86_64.rpm
b2a4bc0340b7862d87ef22b6eb5d54a2 2008.1/x86_64/ghostscript-dvipdf-8.61-60.2mdv2008.1.x86_64.rpm
a072f285954615b154763f8b6d84320c 2008.1/x86_64/ghostscript-module-X-8.61-60.2mdv2008.1.x86_64.rpm
72ee1177330643bba7bef2f759a27fb1 2008.1/x86_64/ghostscript-X-8.61-60.2mdv2008.1.x86_64.rpm
7961183b3542484dba3d45e4c0b0e63e 2008.1/x86_64/lib64gs8-8.61-60.2mdv2008.1.x86_64.rpm
337a97636c425cf3c95e8070bf9acd24 2008.1/x86_64/lib64gs8-devel-8.61-60.2mdv2008.1.x86_64.rpm
1fe6a0989d24d7acb36bc3f698992ae1 2008.1/x86_64/lib64ijs1-0.35-60.2mdv2008.1.x86_64.rpm
ab837490f350451d613a5cfae76852d0 2008.1/x86_64/lib64ijs1-devel-0.35-60.2mdv2008.1.x86_64.rpm
3b4d9f79b3e583c2a8c87f9662a370ec 2008.1/SRPMS/ghostscript-8.61-60.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
df32fad867b6add9bf45dad5657a8330 2009.0/i586/ghostscript-8.63-62.2mdv2009.0.i586.rpm
5210a202691f7651e50103f92fc47f82 2009.0/i586/ghostscript-common-8.63-62.2mdv2009.0.i586.rpm
96249fb38e6da477bfb5f509c9cfe1f7 2009.0/i586/ghostscript-doc-8.63-62.2mdv2009.0.i586.rpm
db3289afab8953821293444e4d25990e 2009.0/i586/ghostscript-dvipdf-8.63-62.2mdv2009.0.i586.rpm
2948de8a3142ac3cb188f1ca6277d085 2009.0/i586/ghostscript-module-X-8.63-62.2mdv2009.0.i586.rpm
0a1eb391b47f8a2885f687d727f0a727 2009.0/i586/ghostscript-X-8.63-62.2mdv2009.0.i586.rpm
64f89983246d5f77a657331f8c152b47 2009.0/i586/libgs8-8.63-62.2mdv2009.0.i586.rpm
67f549ca579add92fb25f20b49a4a125 2009.0/i586/libgs8-devel-8.63-62.2mdv2009.0.i586.rpm
7849ac132852a6c1ed86f924f92cc43a 2009.0/i586/libijs1-0.35-62.2mdv2009.0.i586.rpm
5e9b18f0795b19a247a690e3aaff2015 2009.0/i586/libijs1-devel-0.35-62.2mdv2009.0.i586.rpm
ce033e6b29aa70a42185a555eb6c378b 2009.0/SRPMS/ghostscript-8.63-62.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
bd0f230c1822c7c1bbba0559abdba507 2009.0/x86_64/ghostscript-8.63-62.2mdv2009.0.x86_64.rpm
4c5a4ab568fea04f48dc0cbd2655a35d 2009.0/x86_64/ghostscript-common-8.63-62.2mdv2009.0.x86_64.rpm
9161c959c6cef418ebad57db507e2822 2009.0/x86_64/ghostscript-doc-8.63-62.2mdv2009.0.x86_64.rpm
49d8b0b0644600f46be23bd7a95a6f1a 2009.0/x86_64/ghostscript-dvipdf-8.63-62.2mdv2009.0.x86_64.rpm
1a4b375953b3154e0bd69968d89c81fc 2009.0/x86_64/ghostscript-module-X-8.63-62.2mdv2009.0.x86_64.rpm
b19edb3dc189bd92ef6ff5048cb72ad8 2009.0/x86_64/ghostscript-X-8.63-62.2mdv2009.0.x86_64.rpm
9c6f38ee4b023e6ebaa9a0b740fff041 2009.0/x86_64/lib64gs8-8.63-62.2mdv2009.0.x86_64.rpm
f30d6c657f840ff898e2875f39637aec 2009.0/x86_64/lib64gs8-devel-8.63-62.2mdv2009.0.x86_64.rpm
77160fabdc96b83cca54dd96b9725e0d 2009.0/x86_64/lib64ijs1-0.35-62.2mdv2009.0.x86_64.rpm
310cf7488822883cb19228e245038891 2009.0/x86_64/lib64ijs1-devel-0.35-62.2mdv2009.0.x86_64.rpm
ce033e6b29aa70a42185a555eb6c378b 2009.0/SRPMS/ghostscript-8.63-62.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
5461e7acb022b34273bc8259c2cb51f3 2009.1/i586/ghostscript-8.64-65.1mdv2009.1.i586.rpm
fb55d8f235acf29d09d997a7336471a2 2009.1/i586/ghostscript-common-8.64-65.1mdv2009.1.i586.rpm
3e4332a4d9aeb25af76a04be3a215c85 2009.1/i586/ghostscript-doc-8.64-65.1mdv2009.1.i586.rpm
cffc795a9a7b3fba5f88d616d75bd15f 2009.1/i586/ghostscript-dvipdf-8.64-65.1mdv2009.1.i586.rpm
31d045453a66587fe6f6caf4cfbbf6c8 2009.1/i586/ghostscript-module-X-8.64-65.1mdv2009.1.i586.rpm
90e8c74e4732a90506c60d81ff92d344 2009.1/i586/ghostscript-X-8.64-65.1mdv2009.1.i586.rpm
303ca01b3b4932febd96eb488fb47d53 2009.1/i586/libgs8-8.64-65.1mdv2009.1.i586.rpm
946518442e2e6493b2bf83d6a81f4d10 2009.1/i586/libgs8-devel-8.64-65.1mdv2009.1.i586.rpm
15545b1852dea3d79b46a0602c6bfc57 2009.1/i586/libijs1-0.35-65.1mdv2009.1.i586.rpm
eff2cd5a24f88ef5d39fe7131f0b6f14 2009.1/i586/libijs1-devel-0.35-65.1mdv2009.1.i586.rpm
1c96f2a7290404b7075ec8ab406571df 2009.1/SRPMS/ghostscript-8.64-65.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
7d1bef1043e4ec08a4f48fdd7c64b83d 2009.1/x86_64/ghostscript-8.64-65.1mdv2009.1.x86_64.rpm
5a6c02f5643a40805b226c0e401e944c 2009.1/x86_64/ghostscript-common-8.64-65.1mdv2009.1.x86_64.rpm
205e378a2e3e78f70be416d028cfe2cd 2009.1/x86_64/ghostscript-doc-8.64-65.1mdv2009.1.x86_64.rpm
e71464af0f64ad8a67d9b4cc2dc6b212 2009.1/x86_64/ghostscript-dvipdf-8.64-65.1mdv2009.1.x86_64.rpm
474271f0b74ce5c8b3cfb6dab78ffe21 2009.1/x86_64/ghostscript-module-X-8.64-65.1mdv2009.1.x86_64.rpm
00afb881b26e8ab1bc2b82b0c0d57e5a 2009.1/x86_64/ghostscript-X-8.64-65.1mdv2009.1.x86_64.rpm
679194c2b7a835a16ac3ee33ef48209c 2009.1/x86_64/lib64gs8-8.64-65.1mdv2009.1.x86_64.rpm
c311ffb6c8f32e8dcdb65a35fb92aad3 2009.1/x86_64/lib64gs8-devel-8.64-65.1mdv2009.1.x86_64.rpm
4db7ecdf4f4b615965c386d881a2729e 2009.1/x86_64/lib64ijs1-0.35-65.1mdv2009.1.x86_64.rpm
e9c6700684bd7ce2917fe59e19d24e08 2009.1/x86_64/lib64ijs1-devel-0.35-65.1mdv2009.1.x86_64.rpm
1c96f2a7290404b7075ec8ab406571df 2009.1/SRPMS/ghostscript-8.64-65.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKRkCBmqjQ0CJFipgRAsXPAJ4wSuhitGx5GFak+Y9Vn7+DnlbZJwCfZmL8
VmzBRP7UPNfoHBoOpcgGFW0=
=ZeYa
-----END PGP SIGNATURE-----