LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New ghostscript packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Two security issues have been discovered in ghostscript, the GPL Ghostscript PostScript/PDF interpreter.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1746-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
March 20, 2009                   	http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ghostscript
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-0583 CVE-2009-0584


Two security issues have been discovered in ghostscript, the GPL
Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and
Exposures project identifies the following problems:


CVE-2009-0583

Jan Lieskovsky discovered multiple integer overflows in the ICC library,
which allow the execution of arbitrary code via crafted ICC profiles in
PostScript files with embedded images.

CVE-2009-0584

Jan Lieskovsky discovered insufficient upper-bounds checks on certain
variable sizes in the ICC library, which allow the execution of
arbitrary code via crafted ICC profiles in PostScript files with
embedded images.


For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny1.

For the oldstable distribution (etch), these problems have been fixed
in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable
is called gs-gpl.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.


We recommend that you upgrade your ghostscript/gs-gpl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 11695732 05938e26bfa8769e28cf2bb38efd9673
  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2.diff.gz
    Size/MD5 checksum:   222025 2c1bc048ef7c965631c44e4f5fdf2421
  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2.dsc
    Size/MD5 checksum:      837 548225280e3ea0cc9f0752a0b84ee16a

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.54.dfsg.1-5etch2_all.deb
    Size/MD5 checksum:    14404 acbacfffd7964c8d7e2efc6d7b0c5fff

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_alpha.deb
    Size/MD5 checksum:  5838820 d4e38d1dbc1265ca2b4ad8e49b8700cb

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_amd64.deb
    Size/MD5 checksum:  5617322 f9d719e1c72e869f0aa530057d5da244

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_arm.deb
    Size/MD5 checksum:  5509682 3581a6fa9c7e1b7eecb139a69bad831d

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_hppa.deb
    Size/MD5 checksum:  5766684 408f1bc20285d13ebdaa1e92be345004

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_i386.deb
    Size/MD5 checksum:  5526514 3f23df691da756cd3dbd7a56b1f7baae

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_ia64.deb
    Size/MD5 checksum:  6551116 f0204f85d0c2342ce1df8a877b09ee68

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_mips.deb
    Size/MD5 checksum:  5737602 48b8a1cd5c68383cb2bd673845a26a4c

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_mipsel.deb
    Size/MD5 checksum:  5744092 cc66db4d6319f3115bebbe7a530950e0

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_powerpc.deb
    Size/MD5 checksum:  5581730 cacef2383b679cecc01b5f8b039c6a5f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_s390.deb
    Size/MD5 checksum:  5536144 043ff8f2871620435156699cb28ab897

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_sparc.deb
    Size/MD5 checksum:  5460146 74f43838cbe0cc7e33e75f46a3ea209a


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1.dsc
    Size/MD5 checksum:     1535 2f2559433a5e6996e514dafcca7dd69c
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1.diff.gz
    Size/MD5 checksum:   100462 83f637fa1b723157588d60b00a6b3a24
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 12212309 42fc1b31aa745c3765c2fcd2da243236

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:    28512 ade6aa8af31b6bac6c452ea151db60b8
  http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:    28726 10ba84f9f9385457a238ed77d89ed5c1
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:  2790286 6c42b8804fe67c08afac4844c132c885
  http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:    28514 539902aa120256407c4d8e865b1c5904
  http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:    28514 cb5278471b25206d79427cabc4ce2ea3
  http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny1_all.deb
    Size/MD5 checksum:    28522 9443d3a57981788d7c307ecd77f7ab1c

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_alpha.deb
    Size/MD5 checksum:   762156 4e36f7ff8af994054cffabb253c51ba9
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_alpha.deb
    Size/MD5 checksum:  2628412 1238c1f69916afdd72ef4ad265437844
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_alpha.deb
    Size/MD5 checksum:    65272 e0db66adbdc1ecf15cf0bc07b331d72c
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_alpha.deb
    Size/MD5 checksum:    35280 dbaeb18e5f652d20f9756acdd16285bc

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_amd64.deb
    Size/MD5 checksum:  2324530 f5b409aaa3a652c232c6dc1c5c31b824
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_amd64.deb
    Size/MD5 checksum:    35292 8589ff0d11cf1df9e8af3407cdd23ec2
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_amd64.deb
    Size/MD5 checksum:   798148 311a2a0375b14bdfabb7a49c4ee5a388
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_amd64.deb
    Size/MD5 checksum:    62126 286cad4bbf646f4c3db19528cde748ed

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_arm.deb
    Size/MD5 checksum:  2176974 3053978d7f749cba4ce6b68580b3733f
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_arm.deb
    Size/MD5 checksum:    59684 c758e0c50cc23195b1b588054591a56d
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_arm.deb
    Size/MD5 checksum:    34654 18d4896df4df84814f27fc8f4aa5594c
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_arm.deb
    Size/MD5 checksum:   796402 b04ba32752a0a9ba9c645c921100535f

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_armel.deb
    Size/MD5 checksum:    35296 e8e3031e8005ac8a6d312b24d5dbff23
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_armel.deb
    Size/MD5 checksum:    63276 a525fc26418e4bc95bdfaa55a1bea7d6
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_armel.deb
    Size/MD5 checksum:   799534 029d1ca77de78e6c123246db94f23726
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_armel.deb
    Size/MD5 checksum:  2211746 d5deb1d2d75e62c41804b88c52021e1d

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_hppa.deb
    Size/MD5 checksum:  2568152 d57efabc1fc8076c2d31793fb7f8a4ac
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_hppa.deb
    Size/MD5 checksum:   796056 738411624ecf1cedf40c6437db6bbeaa
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_hppa.deb
    Size/MD5 checksum:    36130 9c629bb5ac49d922e0dd19bc201260af
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_hppa.deb
    Size/MD5 checksum:    65802 926ddc29fc040141841f7ad9939010f4

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_i386.deb
    Size/MD5 checksum:    60650 09929bd54215e145ccbb400bd5fd64b4
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_i386.deb
    Size/MD5 checksum:  2221498 bf1da8385d836970119e02ee8ba2679d
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_i386.deb
    Size/MD5 checksum:    36130 ae0ac01db0c9d94dcaafd66891a19fcd
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_i386.deb
    Size/MD5 checksum:   797038 2b334a1592e6b8c41803a3dd350ef514

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_ia64.deb
    Size/MD5 checksum:   762564 b4e9e1bb352813d8598ed0820dc6d563
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_ia64.deb
    Size/MD5 checksum:    80240 96679a948d589619d83926074c11a99b
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_ia64.deb
    Size/MD5 checksum:    35278 385266dfdf5cca6bcfe5076b6d78b804
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_ia64.deb
    Size/MD5 checksum:  3615012 5be855cf7988372e69017ef193eaea81

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_mips.deb
    Size/MD5 checksum:   798528 2c06f890ab0f951623609c10a13ef20c
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_mips.deb
    Size/MD5 checksum:    36222 adef63b494296202b32fe81d979b0999
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_mips.deb
    Size/MD5 checksum:  2307372 4b41acf75b32134f2bd92685a3a7ccb4
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_mips.deb
    Size/MD5 checksum:    61622 f0a94415338960e5bb59ae495e395801

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_mipsel.deb
    Size/MD5 checksum:    35294 fe6687e3f2166d7985d117255c26540b
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_mipsel.deb
    Size/MD5 checksum:    61584 945878bc6fec2d0b68b726bc425a2b67
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_mipsel.deb
    Size/MD5 checksum:   761978 9d56a58f19cd1822925e0f4cfd76e69f
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_mipsel.deb
    Size/MD5 checksum:  2299918 8c54526e2c0b82dda98fe20c5c056e92

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_powerpc.deb
    Size/MD5 checksum:   764044 60515f78c9c727c220d0d29bfa25a5ae
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_powerpc.deb
    Size/MD5 checksum:    35284 68b7094bd9cb97a252b256037c9d0594
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_powerpc.deb
    Size/MD5 checksum:  2408840 63bb2dd93f575c7e66fbdc767804b4e4
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_powerpc.deb
    Size/MD5 checksum:    64990 8302cc72305a647e63e1120dd310e18d

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_s390.deb
    Size/MD5 checksum:   762026 910f881d6eaccffd26934a949c888ca9
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_s390.deb
    Size/MD5 checksum:  2436778 afd004cbeddcb57e86eb49093493d5f7
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_s390.deb
    Size/MD5 checksum:    35278 40f1a8eaedf95e6b8043bff48a7dabfa
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_s390.deb
    Size/MD5 checksum:    63232 b847b55b28214772602aca9caa72cecd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_sparc.deb
    Size/MD5 checksum:  2186660 d6f70af487a94d9a8d15bc04b2907171
  http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_sparc.deb
    Size/MD5 checksum:    35288 7f7ffd352ce32f219136cfaa596928f7
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_sparc.deb
    Size/MD5 checksum:    59170 01a70b61316be217c9e1eaadd452dedd
  http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_sparc.deb
    Size/MD5 checksum:   761898 bd1f18ac686723643cff62993f96bfd7


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.