Debian Security Advisory
DSA-2093-1 ghostscript -- several vulnerabilities
- Date reported:
- 2010-08-19
- Affected packages:
- ghostscript
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 584516.
In Mitre's CVE dictionary: CVE-2009-4897, CVE-2010-1628.
- More information:
-
Two security issues have been discovered in Ghostscript, a PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-4897
A buffer overflow was discovered that allows remote attackers to execute arbitrary code or cause a denial of service by means of a specially crafted PDF document containing a long name.
- CVE-2010-1628
Dan Rosenberg discovered that ghostscript handles certain recursive PostScript files incorrectly. An attacker could execute arbitrary code by means of a PostScript file containing unbounded recursive procedure invocations, which triggered memory corruption in the interpreter's stack.
For the stable distribution (Lenny), these problems have been fixed in version 8.62.dfsg.1-3.2lenny5.
For the testing distribution (Squeeze) and the unstable distribution (Sid), these problems have been fixed in version 8.71~dfsg2-4.
We recommend that you upgrade your ghostscript package.
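An added example, not part of the Debian advisory: a check of an installed ghostscript version against the fixed versions stated above, using Debian's version ordering, in which `~` sorts before everything else, so 8.71~dfsg2-4 is older than a plain 8.71 and a naive string comparison gives the wrong answer. The function names and the sample installed versions are assumptions made for illustration.

```python
import re

# Fixed versions as stated in the advisory, keyed by release.
FIXED = {
    "lenny": "8.62.dfsg.1-3.2lenny5",
    "squeeze": "8.71~dfsg2-4",
    "sid": "8.71~dfsg2-4",
}

def order(c):
    """Sort weight of one non-digit character: '~' first, then letters, then the rest."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def cmp_fragment(a, b):
    """Compare an upstream version or a revision, alternating text and number runs."""
    while a or b:
        ta, tb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for k in range(max(len(ta), len(tb))):
            wa = order(ta[k]) if k < len(ta) else 0  # end of a text run weighs 0
            wb = order(tb[k]) if k < len(tb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):  # numeric runs compare as integers
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision is empty."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def deb_compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = split_version(v1), split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return cmp_fragment(u1, u2) or cmp_fragment(r1, r2)

def is_fixed(release, installed):
    """True when the installed ghostscript version is at or past the fixed one."""
    return deb_compare(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for rel, ver in [("lenny", "8.62.dfsg.1-3.2lenny4"), ("sid", "8.71~dfsg2-5")]:
        print(rel, ver, "fixed" if is_fixed(rel, ver) else "VULNERABLE")
```

On a Debian host, `dpkg --compare-versions` performs the same comparison against the installed package's version.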
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.diff.gz
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.dsc
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny5_all.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny5_all.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny5_all.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny5_all.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny5_all.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny5_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_alpha.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_alpha.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_alpha.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_amd64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_amd64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_amd64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_arm.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_arm.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_arm.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_armel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_armel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_armel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_hppa.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_hppa.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_hppa.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_i386.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_i386.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_i386.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_ia64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_ia64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_ia64.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_ia64.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_s390.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_s390.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_s390.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_sparc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_sparc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_sparc.deb
- http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_sparc.deb
MD5 checksums for these files are available in the original advisory.