Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201412-17 ] GPL Ghostscript: Multiple vulnerabilities
Date: Sat, 13 Dec 2014 17:57:49
Message-Id: 548C7D5F.50401@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GPL Ghostscript: Multiple vulnerabilities
     Date: December 13, 2014
     Bugs: #264594, #300192, #332061, #437654
       ID: 201412-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GPL Ghostscript, the worst
of which may allow execution of arbitrary code.

Background
==========

Ghostscript is an interpreter for the PostScript language and for PDF.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/ghostscript-gpl
                                  < 9.10-r2                 >= 9.10-r2

Description
===========

Multiple vulnerabilities have been discovered in GPL Ghostscript.
Please review the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF using GPL Ghostscript, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GPL Ghostscript users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-text/ghostscript-gpl-9.10-r2"

References
==========

[ 1 ] CVE-2009-0196
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196
[ 2 ] CVE-2009-0792
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792
[ 3 ] CVE-2009-3743
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743
[ 4 ] CVE-2009-4270
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270
[ 5 ] CVE-2009-4897
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897
[ 6 ] CVE-2010-1628
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628
[ 7 ] CVE-2010-2055
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055
[ 8 ] CVE-2010-4054
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054
[ 9 ] CVE-2012-4405
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201412-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name      MIME type
signature.asc  application/pgp-signature