Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code
Date: Mon, 23 Mar 2009 22:33:48
Message-Id: 49C80E58.9080001@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200903-37
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Ghostscript: User-assisted execution of arbitrary code
9 Date: March 23, 2009
10 Bugs: #261087
11 ID: 200903-37
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple integer overflows in the Ghostscript ICC library might allow
19 for user-assisted execution of arbitrary code.
20
21 Background
22 ==========
23
24 Ghostscript is an interpreter for the PostScript language and the
25 Portable Document Format (PDF).
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 app-text/ghostscript-gpl < 8.64-r2 >= 8.64-r2
34 2 app-text/ghostscript-gnu < 8.62.0 >= 8.62.0
35 3 app-text/ghostscript-esp <= 8.15.4-r1 Vulnerable!
36 -------------------------------------------------------------------
37 NOTE: Certain packages are still vulnerable. Users should migrate
38 to another package if one is available or wait for the
39 existing packages to be marked stable by their
40 architecture maintainers.
41 -------------------------------------------------------------------
42 3 affected packages on all of their supported architectures.
43 -------------------------------------------------------------------
44
45 Description
46 ===========
47
48 Jan Lieskovsky from the Red Hat Security Response Team discovered the
49 following vulnerabilities in Ghostscript's ICC Library:
50
51 * Multiple integer overflows (CVE-2009-0583).
52
53 * Multiple insufficient bounds checks on certain variable sizes
54 (CVE-2009-0584).
55
56 Impact
57 ======
58
59 A remote attacker could entice a user to open a specially crafted
60 PostScript file containing images and a malicious ICC profile, possibly
61 resulting in the execution of arbitrary code with the privileges of the
62 user running the application.
63
64 Workaround
65 ==========
66
67 There is no known workaround at this time.
68
69 Resolution
70 ==========
71
72 All GPL Ghostscript users should upgrade to the latest version:
73
74 # emerge --sync
75 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.64-r2"
76
77 All GNU Ghostscript users should upgrade to the latest version:
78
79 # emerge --sync
80 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.62.0"
81
82 We recommend that users unmerge ESP Ghostscript and use GPL or GNU
83 Ghostscript instead:
84
85 # emerge --unmerge "app-text/ghostscript-esp"
86
87 For installation instructions, see above.
88
89 References
90 ==========
91
92 [ 1 ] CVE-2009-0583
93 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
94 [ 2 ] CVE-2009-0584
95 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
96
97 Availability
98 ============
99
100 This GLSA and any updates to it are available for viewing at
101 the Gentoo Security Website:
102
103 http://security.gentoo.org/glsa/glsa-200903-37.xml
104
105 Concerns?
106 =========
107
108 Security is a primary focus of Gentoo Linux and ensuring the
109 confidentiality and security of our users machines is of utmost
110 importance to us. Any security concerns should be addressed to
111 security@g.o or alternatively, you may file a bug at
112 http://bugs.gentoo.org.
113
114 License
115 =======
116
117 Copyright 2009 Gentoo Foundation, Inc; referenced text
118 belongs to its owner(s).
119
120 The contents of this document are licensed under the
121 Creative Commons - Attribution / Share Alike license.
122
123 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature