_______________________________________________________________________
Package : ghostscript
Date : April 24, 2009
Affected: 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary by using a crafted PDF file (CVE-2007-6725).
Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).
Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).
Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).
Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).
This update provides fixes for that vulnerabilities.
Update:
gostscript packages from Mandriva Linux 2009.0 distribution are not
affected by CVE-2007-6725.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2007-6725
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-6679
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0583
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0584
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0792
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0196
_______________________________________________________________________
[ MDVSA-2009:095 ] ghostscript
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:095 ] ghostscript
Kirjoittaja dude67 » 02 Touko 2009, 09:21
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 37 vierailijaa