Date: Fri, 20 Mar 2009 16:03:41 -0500
Synopsis: Moderate: ghostscript security update
Issue date: 2009-03-19
CVE Names: CVE-2009-0583 CVE-2009-0584

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create
a malicious PostScript or PDF file with embedded images which could
cause Ghostscript to crash, or, potentially, execute arbitrary code when
opened by the victim. (CVE-2009-0583, CVE-2009-0584)

SL 3.0.x
SRPMS:
ghostscript-7.05-32.1.17.src.rpm
i386:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-devel-7.05-32.1.17.i386.rpm
hpijs-1.3-32.1.17.i386.rpm
x86_64:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-7.05-32.1.17.x86_64.rpm
ghostscript-devel-7.05-32.1.17.x86_64.rpm
hpijs-1.3-32.1.17.x86_64.rpm
SL 4.x
SRPMS:
ghostscript-7.07-33.2.el4_7.5.src.rpm
i386:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm
x86_64:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm
SL 5.x
SRPMS:
ghostscript-8.15.2-9.4.el5_3.4.src.rpm
i386:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm
x86_64:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm
-Connie Sieh
-Troy Dawson
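
A host-side check against the fixed versions listed above, as an added example that is not part of the original advisory: it reads the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'` and reports packages still older than the fix, including the i386 packages installed alongside the x86_64 ones. The function names, the simplified version comparison and the sample input (including its older version-release strings) are constructed for illustration.

```python
import re

# Fixed version-release per Scientific Linux major release, copied from this
# advisory. ghostscript-devel and ghostscript-gtk share ghostscript's value.
FIXED = {
    "3": {"ghostscript": "7.05-32.1.17", "hpijs": "1.3-32.1.17"},
    "4": {"ghostscript": "7.07-33.2.el4_7.5"},
    "5": {"ghostscript": "8.15.2-9.4.el5_3.4"},
}

def rpmvercmp(a, b):
    """Simplified rpmvercmp (-1, 0, 1); epoch, '~' and '^' are not handled."""
    # rpm compares runs of digits and runs of letters separately
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 9 < 17, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two 'version-release' strings, version first."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(sl_major, rpm_output):
    """Return (name, version-release, arch) for packages older than the fix."""
    stale = []
    for line in filter(str.strip, rpm_output.splitlines()):
        name, vr, arch = line.split()
        fixed = FIXED[sl_major].get(name.split("-")[0])
        if fixed and compare_vr(vr, fixed) < 0:
            stale.append((name, vr, arch))
    return stale

# Constructed sample: an SL 5 x86_64 host where only one package was updated.
SAMPLE = """\
ghostscript 8.15.2-9.4.el5_3.4 x86_64
ghostscript 8.15.2-9.4.el5_3.1 i386
ghostscript-gtk 8.15.2-9.3.el5 x86_64
"""

if __name__ == "__main__":
    print(unpatched("5", SAMPLE))
```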