LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: ghostscript on SL3.x, SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 15 Apr 2009 15:35:37 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (65 lines)

Synopsis:	Moderate: ghostscript security update
Issue date:	2009-04-14
CVE Names:	CVE-2007-6725 CVE-2008-6679 CVE-2009-0196
                 CVE-2009-0792

It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did 
not address all possible integer overflow flaws in Ghostscript's 
International Color Consortium Format library (icclib). Using 
specially-crafted ICC profiles, an attacker could create a malicious 
PostScript or PDF file with embedded images that could cause Ghostscript 
to crash or, potentially, execute arbitrary code when opened. 
(CVE-2009-0792)

A buffer overflow flaw and multiple missing boundary checks were found 
in Ghostscript. An attacker could create a specially-crafted PostScript 
or PDF file that could cause Ghostscript to crash or, potentially, 
execute arbitrary code when opened. (CVE-2008-6679, CVE-2007-6725, 
CVE-2009-0196)

SL 3.0.x

       SRPMS:
ghostscript-7.05-32.1.20.src.rpm
       i386:
ghostscript-7.05-32.1.20.i386.rpm
ghostscript-devel-7.05-32.1.20.i386.rpm
hpijs-1.3-32.1.20.i386.rpm
       x86_64:
ghostscript-7.05-32.1.20.i386.rpm
ghostscript-7.05-32.1.20.x86_64.rpm
ghostscript-devel-7.05-32.1.20.x86_64.rpm
hpijs-1.3-32.1.20.x86_64.rpm

SL 4.x

       SRPMS:
ghostscript-7.07-33.2.el4_7.8.src.rpm
       i386:
ghostscript-7.07-33.2.el4_7.8.i386.rpm
ghostscript-devel-7.07-33.2.el4_7.8.i386.rpm
ghostscript-gtk-7.07-33.2.el4_7.8.i386.rpm
       x86_64:
ghostscript-7.07-33.2.el4_7.8.i386.rpm
ghostscript-7.07-33.2.el4_7.8.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_7.8.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_7.8.x86_64.rpm

SL 5.x

       SRPMS:
ghostscript-8.15.2-9.4.el5_3.7.src.rpm
       i386:
ghostscript-8.15.2-9.4.el5_3.7.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.7.i386.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.7.i386.rpm
       x86_64:
ghostscript-8.15.2-9.4.el5_3.7.i386.rpm
ghostscript-8.15.2-9.4.el5_3.7.x86_64.rpm
ghostscript-devel-8.15.2-9.4.el5_3.7.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.7.x86_64.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.7.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV