From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2093-1
[email protected] http://www.debian.org/security/ Giuseppe Iuculano
August 19, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ghostscript
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-4897 CVE-2010-1628
Debian Bug : 584516
Two security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-4897
It was discovered a buffer overflow that allows remote attackers to
execute arbitrary code or cause a denial of service via a crafted PDF
document containing a long name.
CVE-2010-1628
Dan Rosenberg discovered that ghostscript incorrectly handled certain
recursive Postscript files. An attacker could execute arbitrary code
via a PostScript file containing unlimited recursive procedure
invocations, which trigger memory corruption in the stack of the
interpreter.
For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny5
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 8.71~dfsg2-4
We recommend that you upgrade your ghostscript package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.diff.gz
Size/MD5 checksum: 106204 b0bbc6e0754c9a0675fadba1e90f1fbc
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.dsc
Size/MD5 checksum: 1536 546b30cfe6f76c0b5bd72cbeac6508d4
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
Size/MD5 checksum: 12212309 42fc1b31aa745c3765c2fcd2da243236
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 29112 22d376a18c120a6dca73cbf6554c9f3c
http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 28900 a749fa7a079f61432dba471524e3e7a5
http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 28906 d3d81f5b998eb50a9e48715f2e60db6f
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 2783318 79a9eb022df01d0bfb84f1b3506ca396
http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 28898 02a99ada64c8e28343b0c1fefaeb4b90
http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny5_all.deb
Size/MD5 checksum: 28902 996faec6be2dee08b2eb331db983cb42
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_alpha.deb
Size/MD5 checksum: 65668 ee55e121b1c1a1801c129fe06d1227a6
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_alpha.deb
Size/MD5 checksum: 35680 877cb527ffaae7e6a19abbeacf22a195
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_alpha.deb
Size/MD5 checksum: 762546 5b6765436e6cdac408ef3e20000574e4
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_alpha.deb
Size/MD5 checksum: 2629510 ad41a261c12f9455a8b96275bce443d6
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_amd64.deb
Size/MD5 checksum: 794466 ca2201142908c4577822396aefbdfecc
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_amd64.deb
Size/MD5 checksum: 63302 cb8c8e227c2093a27930e6110ee06f60
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_amd64.deb
Size/MD5 checksum: 2322954 feae1a7b2e1d580dd432c09f5b29b362
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_amd64.deb
Size/MD5 checksum: 36518 b0c3e67cab7c22ec6aa9060db4d916b5
arm architecture (ARM)
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_arm.deb
Size/MD5 checksum: 796792 ac25f9f9b589abe8f43c647bd0435667
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_arm.deb
Size/MD5 checksum: 2179424 b7814c107c48d12d5238f1c4d333bf86
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_arm.deb
Size/MD5 checksum: 60116 034af0c1b3d514ebc507f0296be0ab60
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_arm.deb
Size/MD5 checksum: 35122 e47db394f8bc0e6b99bd544e33cad02e
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_armel.deb
Size/MD5 checksum: 62832 a74ba1060bdbe8e7c6d3ac30cf07711d
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)