Synopsis:    Moderate: ghostscript security update
Issue date:  2009-03-19
CVE Names:   CVE-2009-0583 CVE-2009-0584

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)

SL 3.0.x

    SRPMS:
ghostscript-7.05-32.1.17.src.rpm
    i386:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-devel-7.05-32.1.17.i386.rpm
hpijs-1.3-32.1.17.i386.rpm
    x86_64:
ghostscript-7.05-32.1.17.i386.rpm
ghostscript-7.05-32.1.17.x86_64.rpm
ghostscript-devel-7.05-32.1.17.x86_64.rpm
hpijs-1.3-32.1.17.x86_64.rpm

SL 4.x

    SRPMS:
ghostscript-7.07-33.2.el4_7.5.src.rpm
    i386:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm
    x86_64:
ghostscript-7.07-33.2.el4_7.5.i386.rpm
ghostscript-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm

SL 5.x

    SRPMS:
ghostscript-8.15.2-9.4.el5_3.4.src.rpm
    i386:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm
    x86_64:
ghostscript-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm
ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm
ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm

-Connie Sieh
-Troy Dawson
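
Added example (not part of the original advisory): a check that flags hosts still running builds older than the fixed packages listed above. It assumes input in the form produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'; the function names and sample lines are constructed, and the comparison is a simplified approximation of rpm's ordering (no epoch, tilde or caret handling).

```python
import re

# Fixed version-release per package, copied from the advisory's package lists.
_GS = ("ghostscript", "ghostscript-devel", "ghostscript-gtk")
FIXED = {
    "SL3": {"ghostscript": "7.05-32.1.17", "ghostscript-devel": "7.05-32.1.17",
            "hpijs": "1.3-32.1.17"},
    "SL4": dict.fromkeys(_GS, "7.07-33.2.el4_7.5"),
    "SL5": dict.fromkeys(_GS, "8.15.2-9.4.el5_3.4"),
}

def _cmp_part(a, b):
    # rpm compares maximal runs of digits or of letters; separators are skipped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts as newer
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two VERSION-RELEASE strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(sl_release, rpm_query_output):
    """Return [(name, installed, fixed)] for packages older than the fixed build."""
    findings = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        name, vr = parts
        fixed = FIXED[sl_release].get(name)
        if fixed and compare_vr(vr, fixed) < 0:
            findings.append((name, vr, fixed))
    return findings

# Constructed sample of rpm query output from an SL 5.x host.
SAMPLE_SL5 = """ghostscript 8.15.2-9.4.el5
ghostscript-devel 8.15.2-9.4.el5_3.4
ghostscript-gtk 8.15.2-9.3.el5_2.1
bash 3.2-24.el5
"""

if __name__ == "__main__":
    for name, have, want in unpatched("SL5", SAMPLE_SL5):
        print(f"{name}: installed {have}, fixed in {want}")
```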