------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-101            security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-08-02
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
======
An error in the processing of PostScript files can be exploited to cause
a memory corruption via recursive function calls and may allow execution
of arbitrary code via a specially crafted PostScript file.

Description
==========

CVE-2010-1628:
Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a PostScript
file containing unlimited recursive procedure invocations, which trigger
memory corruption in the stack of the interpreter.

Affected packages:

  Pardus 2009:
    ghostscript, all before 8.71-30-13
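
The following check is an added example, not part of the original advisory: it tests whether a given ghostscript package version is older than the fixed version 8.71-30-13 named above. It assumes the version string has the form "version-release-build" and that the fields compare numerically in that order; the function names are illustrative.

```shell
#!/bin/sh
# Added example: is a ghostscript package version older than the fixed one?
FIXED="8.71-30-13"   # fixed version from the advisory (Pardus 2009)

# cmp_dotted A B: print -1, 0 or 1 for dot-separated numeric strings.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read; empty string once none are left.
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# is_vulnerable V: 0 = older than FIXED, 1 = FIXED or newer, 2 = unparsable.
# Assumption: V is "version-release-build", compared field by field.
is_vulnerable() {
    v=$1
    case $v in
        ''|*[!0-9.-]*|*-*-*-*) return 2 ;;
        *-*-*) ;;
        *) return 2 ;;
    esac
    c=$(cmp_dotted "${v%%-*}" "${FIXED%%-*}")
    if [ "$c" -eq 0 ]; then
        rest=${v#*-}; frest=${FIXED#*-}
        c=$(cmp_dotted "${rest%%-*}.${rest#*-}" "${frest%%-*}.${frest#*-}")
    fi
    [ "$c" -lt 0 ]
}

# Usage: sh check.sh <installed ghostscript version>
if [ "$#" -gt 0 ]; then
    rc=0; is_vulnerable "$1" || rc=$?
    case $rc in
        0) echo "ghostscript $1 is older than $FIXED: update" ;;
        1) echo "ghostscript $1 is $FIXED or newer" ;;
        *) echo "cannot parse version: $1" >&2 ;;
    esac
fi
```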

Resolution
=========

There are update(s) for ghostscript. You can install them via Package
Manager or with a single command from the console:

    pisi up ghostscript

References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id137
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1628
* http://secunia.com/advisories/39753
------------------------------------------------------------------------