LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA Moderate: ghostscript on SL3.x, SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 25 Mar 2009 15:48:48 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (93 lines)

There was an error with some compile-time dependencies with the 
ghostscript packages for SL 309, causing ghostscript to not run.
These dependancies have been fixed, and the packages recompiled correctly.
Nothing has been changed in the rpm other than the release number was 
changed so that the new packages would install correctly.

SL 3.0.x

        SRPMS:
ghostscript-7.05-32.1.17.sl3.1.src.rpm
        i386:
ghostscript-7.05-32.1.17.sl3.1.i386.rpm
ghostscript-devel-7.05-32.1.17.sl3.1.i386.rpm
hpijs-1.3-32.1.17.sl3.1.i386.rpm
        x86_64:
ghostscript-7.05-32.1.17.sl3.1.i386.rpm
ghostscript-7.05-32.1.17.sl3.1.x86_64.rpm
ghostscript-devel-7.05-32.1.17.sl3.1.x86_64.rpm
hpijs-1.3-32.1.17.sl3.1.x86_64.rpm

My apologies
Troy Dawson

Troy J Dawson wrote:
> Synopsis:	Moderate: ghostscript security update
> Issue date:	2009-03-19
> CVE Names:	CVE-2009-0583 CVE-2009-0584
> 
> Multiple integer overflow flaws which could lead to heap-based buffer
> overflows, as well as multiple insufficient input validation flaws, were
> found in Ghostscript's International Color Consortium Format library
> (icclib). Using specially-crafted ICC profiles, an attacker could create 
> a malicious PostScript or PDF file with embedded images which could 
> cause Ghostscript to crash, or, potentially, execute arbitrary code when 
> opened by the victim. (CVE-2009-0583, CVE-2009-0584)
> 
> SL 3.0.x
> 
>        SRPMS:
> ghostscript-7.05-32.1.17.src.rpm
>        i386:
> ghostscript-7.05-32.1.17.i386.rpm
> ghostscript-devel-7.05-32.1.17.i386.rpm
> hpijs-1.3-32.1.17.i386.rpm
>        x86_64:
> ghostscript-7.05-32.1.17.i386.rpm
> ghostscript-7.05-32.1.17.x86_64.rpm
> ghostscript-devel-7.05-32.1.17.x86_64.rpm
> hpijs-1.3-32.1.17.x86_64.rpm
> 
> SL 4.x
> 
>        SRPMS:
> ghostscript-7.07-33.2.el4_7.5.src.rpm
>        i386:
> ghostscript-7.07-33.2.el4_7.5.i386.rpm
> ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm
> ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm
>        x86_64:
> ghostscript-7.07-33.2.el4_7.5.i386.rpm
> ghostscript-7.07-33.2.el4_7.5.x86_64.rpm
> ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm
> ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm
> 
> SL 5.x
> 
>        SRPMS:
> ghostscript-8.15.2-9.4.el5_3.4.src.rpm
>        i386:
> ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
> ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
> ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm
>        x86_64:
> ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
> ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm
> ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
> ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm
> ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV