Mandriva Linux Security Advisory 2010-134 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133.
3d73e4babfd4b5c82e8bde7f78c70aac24ac68d203e10354a9d51ebf133af653
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:134
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : July 15, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in ghostscript:
Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).
Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).
As a precaution ghostscriptc has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
77eb5421a46b0d03ca9d58116a0280f9 2008.0/i586/ghostscript-8.60-55.5mdv2008.0.i586.rpm
5a39cfe3e1aba95a8d658759a3a5119e 2008.0/i586/ghostscript-common-8.60-55.5mdv2008.0.i586.rpm
3b5e53fd83a0e41975cc84c329c21594 2008.0/i586/ghostscript-doc-8.60-55.5mdv2008.0.i586.rpm
5dcd284dfa85fc4b575e012edd3b39db 2008.0/i586/ghostscript-dvipdf-8.60-55.5mdv2008.0.i586.rpm
0da4a916b42c7b2e31b496ce9978da90 2008.0/i586/ghostscript-module-X-8.60-55.5mdv2008.0.i586.rpm
32f750da9a64ae9a25391515b72dd1ca 2008.0/i586/ghostscript-X-8.60-55.5mdv2008.0.i586.rpm
ce643129766855bf3976fb29be85684b 2008.0/i586/libgs8-8.60-55.5mdv2008.0.i586.rpm
edc97f2de46cb03283436b15b93cd093 2008.0/i586/libgs8-devel-8.60-55.5mdv2008.0.i586.rpm
3e3241cb2ff1f10159e4d20110de28ae 2008.0/i586/libijs1-0.35-55.5mdv2008.0.i586.rpm
4a9ee540dd1cf0af9f1580b4e85e95c0 2008.0/i586/libijs1-devel-0.35-55.5mdv2008.0.i586.rpm
05e58cdb44a830721622f03f262c858b 2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
66084a543e49442a6c4c9643cf820d94 2008.0/x86_64/ghostscript-8.60-55.5mdv2008.0.x86_64.rpm
53145f9250eba28db65dd84697387ec5 2008.0/x86_64/ghostscript-common-8.60-55.5mdv2008.0.x86_64.rpm
f5345590252c85fe0f95917ddaf16f6e 2008.0/x86_64/ghostscript-doc-8.60-55.5mdv2008.0.x86_64.rpm
57ec8f3f89ebc005db47f0785a807118 2008.0/x86_64/ghostscript-dvipdf-8.60-55.5mdv2008.0.x86_64.rpm
63ad2bcb12966485bcea3495139e1ebd 2008.0/x86_64/ghostscript-module-X-8.60-55.5mdv2008.0.x86_64.rpm
7cf90c19eba8a01dd056723e27a51f40 2008.0/x86_64/ghostscript-X-8.60-55.5mdv2008.0.x86_64.rpm
ac8802d8efa7366b30e49883dca1295d 2008.0/x86_64/lib64gs8-8.60-55.5mdv2008.0.x86_64.rpm
e9caace723a0beae5d4183c6b96de445 2008.0/x86_64/lib64gs8-devel-8.60-55.5mdv2008.0.x86_64.rpm
798a01a8db97ea16d98e81ba6c8dea8e 2008.0/x86_64/lib64ijs1-0.35-55.5mdv2008.0.x86_64.rpm
3181d98d311b12946dc1042d89869529 2008.0/x86_64/lib64ijs1-devel-0.35-55.5mdv2008.0.x86_64.rpm
05e58cdb44a830721622f03f262c858b 2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm
Mandriva Linux 2009.0:
a352af34572fb9e61623d4300c55d871 2009.0/i586/ghostscript-8.63-62.5mdv2009.0.i586.rpm
803e53b01b231e877e20ae4568c4f8e9 2009.0/i586/ghostscript-common-8.63-62.5mdv2009.0.i586.rpm
b5ae1e9bd8005bc6488e69118595f251 2009.0/i586/ghostscript-doc-8.63-62.5mdv2009.0.i586.rpm
05962f8f37a5f88bf8386f20860c4f62 2009.0/i586/ghostscript-dvipdf-8.63-62.5mdv2009.0.i586.rpm
214945b1dd718ca417a3ce68e419f620 2009.0/i586/ghostscript-module-X-8.63-62.5mdv2009.0.i586.rpm
c0529b523a194b493c1b940bec07c430 2009.0/i586/ghostscript-X-8.63-62.5mdv2009.0.i586.rpm
a70d34ac01d71685dc8c8494c8626896 2009.0/i586/libgs8-8.63-62.5mdv2009.0.i586.rpm
a02fe0054f39218ef0c4567d977fb352 2009.0/i586/libgs8-devel-8.63-62.5mdv2009.0.i586.rpm
4e289a72cd71091d2edb82061a400244 2009.0/i586/libijs1-0.35-62.5mdv2009.0.i586.rpm
ae1a12a3fd40a00b5c0de26a548aef19 2009.0/i586/libijs1-devel-0.35-62.5mdv2009.0.i586.rpm
b637e0180a53c807e7140e2f85925a6a 2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
3f9f69cf8152862a4b31b7ea4c13b2ac 2009.0/x86_64/ghostscript-8.63-62.5mdv2009.0.x86_64.rpm
fb79da17f6fc6046cf4929e18e6a288d 2009.0/x86_64/ghostscript-common-8.63-62.5mdv2009.0.x86_64.rpm
360a7b1646f34a4efe01537b0cc60c66 2009.0/x86_64/ghostscript-doc-8.63-62.5mdv2009.0.x86_64.rpm
1c63d2d891288d29bd92373184fe5b4d 2009.0/x86_64/ghostscript-dvipdf-8.63-62.5mdv2009.0.x86_64.rpm
e5f01a1b3ef5578a7018a58f505ed7d5 2009.0/x86_64/ghostscript-module-X-8.63-62.5mdv2009.0.x86_64.rpm
b6f421b572edf107cad43ceae7fd3c1c 2009.0/x86_64/ghostscript-X-8.63-62.5mdv2009.0.x86_64.rpm
987f21c61e8f0912e50b1a95c1cb7038 2009.0/x86_64/lib64gs8-8.63-62.5mdv2009.0.x86_64.rpm
75f5bb7525ceb5d62b7c39d0b14990d4 2009.0/x86_64/lib64gs8-devel-8.63-62.5mdv2009.0.x86_64.rpm
48b98d77285131b557a414044edb1668 2009.0/x86_64/lib64ijs1-0.35-62.5mdv2009.0.x86_64.rpm
7067034cd5f794f80003f1e99d39d685 2009.0/x86_64/lib64ijs1-devel-0.35-62.5mdv2009.0.x86_64.rpm
b637e0180a53c807e7140e2f85925a6a 2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm
Mandriva Linux 2009.1:
32dd01420bbe2d9a92871d3738f2da4e 2009.1/i586/ghostscript-8.64-65.3mdv2009.1.i586.rpm
23e4d42365de5b46d4c5c9054f74346b 2009.1/i586/ghostscript-common-8.64-65.3mdv2009.1.i586.rpm
b57dcba125a5690dcc28cdb8c05f4332 2009.1/i586/ghostscript-doc-8.64-65.3mdv2009.1.i586.rpm
f4b88cdf43836f42ddceb8a1aabe763f 2009.1/i586/ghostscript-dvipdf-8.64-65.3mdv2009.1.i586.rpm
0cc3d0308cd23be9824c1200e898b714 2009.1/i586/ghostscript-module-X-8.64-65.3mdv2009.1.i586.rpm
ebb659e60af62c274bef282022152d38 2009.1/i586/ghostscript-X-8.64-65.3mdv2009.1.i586.rpm
ff943713120978fab615299743cfa51f 2009.1/i586/libgs8-8.64-65.3mdv2009.1.i586.rpm
ec0c79022a682afae03f93fe1cc8a39f 2009.1/i586/libgs8-devel-8.64-65.3mdv2009.1.i586.rpm
751d6177f35e9ffcd9756f7ce2316105 2009.1/i586/libijs1-0.35-65.3mdv2009.1.i586.rpm
4b2a5919a2aff5cea48818060fdeabdc 2009.1/i586/libijs1-devel-0.35-65.3mdv2009.1.i586.rpm
c867b4c99ead7107153a45dcd132b552 2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
f64004b9f8ac0babd18ef804baee8e42 2009.1/x86_64/ghostscript-8.64-65.3mdv2009.1.x86_64.rpm
c9eded731e1fb8e0656d223cc8a70f13 2009.1/x86_64/ghostscript-common-8.64-65.3mdv2009.1.x86_64.rpm
94d39d62799e4140c6bdd8c77d3c5ee2 2009.1/x86_64/ghostscript-doc-8.64-65.3mdv2009.1.x86_64.rpm
11f9e7b24d865dc1cc9c4f98a5c818d1 2009.1/x86_64/ghostscript-dvipdf-8.64-65.3mdv2009.1.x86_64.rpm
db63a65d1e861654b4a122b219ad8ce0 2009.1/x86_64/ghostscript-module-X-8.64-65.3mdv2009.1.x86_64.rpm
35588ab514e30f1ff522c93c04b3d0ac 2009.1/x86_64/ghostscript-X-8.64-65.3mdv2009.1.x86_64.rpm
1f9e3b056ace305a8dd051adbddfa447 2009.1/x86_64/lib64gs8-8.64-65.3mdv2009.1.x86_64.rpm
09dd08b131fd2ced7c7a37915d8ea814 2009.1/x86_64/lib64gs8-devel-8.64-65.3mdv2009.1.x86_64.rpm
c1fa0c4f8f66994067a0ecc8e62d3d98 2009.1/x86_64/lib64ijs1-0.35-65.3mdv2009.1.x86_64.rpm
6a8269b04a47973e584e9f688f1f495c 2009.1/x86_64/lib64ijs1-devel-0.35-65.3mdv2009.1.x86_64.rpm
c867b4c99ead7107153a45dcd132b552 2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm
Mandriva Linux 2010.0:
49383f4ecfb6c67f90b4253f2086a4ef 2010.0/i586/ghostscript-8.64-69.2mdv2010.0.i586.rpm
f9aca4fbc7cca234123d3c5af21c6f97 2010.0/i586/ghostscript-common-8.64-69.2mdv2010.0.i586.rpm
6a0128bd507a0b80b3933de2227dbbd1 2010.0/i586/ghostscript-doc-8.64-69.2mdv2010.0.i586.rpm
e6390ef67a422eef9728e694b28aeb93 2010.0/i586/ghostscript-dvipdf-8.64-69.2mdv2010.0.i586.rpm
78ede34b12fa4bfa6e22e9ee4987831e 2010.0/i586/ghostscript-module-X-8.64-69.2mdv2010.0.i586.rpm
d51a4cc8715d52b9421f5f95ae750085 2010.0/i586/ghostscript-X-8.64-69.2mdv2010.0.i586.rpm
be5f616da9bd1c3418b0f47d570df3b7 2010.0/i586/libgs8-8.64-69.2mdv2010.0.i586.rpm
7d19299369d8ea4ae713670475722fe2 2010.0/i586/libgs8-devel-8.64-69.2mdv2010.0.i586.rpm
998d12bc315dcff5def6fe2a937175ff 2010.0/i586/libijs1-0.35-69.2mdv2010.0.i586.rpm
55f1a1c8a8a9da32e4129969ecbd7b4a 2010.0/i586/libijs1-devel-0.35-69.2mdv2010.0.i586.rpm
3304d6203f6a6df245c3a719267006bc 2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8c7785864300bc175e8f0de15e9039a7 2010.0/x86_64/ghostscript-8.64-69.2mdv2010.0.x86_64.rpm
8b3434aa65e1751390e2976f4d209593 2010.0/x86_64/ghostscript-common-8.64-69.2mdv2010.0.x86_64.rpm
0f0945a3a1e410359248f508971e3ac8 2010.0/x86_64/ghostscript-doc-8.64-69.2mdv2010.0.x86_64.rpm
6da764113d1bfbc952050b804b83bbd5 2010.0/x86_64/ghostscript-dvipdf-8.64-69.2mdv2010.0.x86_64.rpm
34718b39dd7b09d52e628f0db0f776b0 2010.0/x86_64/ghostscript-module-X-8.64-69.2mdv2010.0.x86_64.rpm
d3b3227b352b02514f8010b5cf107c96 2010.0/x86_64/ghostscript-X-8.64-69.2mdv2010.0.x86_64.rpm
0b92a8f8b4473c75f18fd9d1b25d1ae2 2010.0/x86_64/lib64gs8-8.64-69.2mdv2010.0.x86_64.rpm
f0d9d3af320d1df93720d9c02f9a5498 2010.0/x86_64/lib64gs8-devel-8.64-69.2mdv2010.0.x86_64.rpm
f264cb770d9532c68ee69c3e48a6472d 2010.0/x86_64/lib64ijs1-0.35-69.2mdv2010.0.x86_64.rpm
1b043258fa19ffe7e3b75f12c9872313 2010.0/x86_64/lib64ijs1-devel-0.35-69.2mdv2010.0.x86_64.rpm
3304d6203f6a6df245c3a719267006bc 2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
5e83aa57503fbbc9208881c41bf0617d mes5/i586/ghostscript-8.63-62.5mdvmes5.1.i586.rpm
dcca03b0ae071f83d49a3df7dfe5be04 mes5/i586/ghostscript-common-8.63-62.5mdvmes5.1.i586.rpm
f6519be8e34bf9deabf5f9a8fab97b9d mes5/i586/ghostscript-doc-8.63-62.5mdvmes5.1.i586.rpm
22ad173ae67e7febf9b052f5659936d8 mes5/i586/ghostscript-dvipdf-8.63-62.5mdvmes5.1.i586.rpm
47f9eb2574eff34348b41a0124171056 mes5/i586/ghostscript-module-X-8.63-62.5mdvmes5.1.i586.rpm
71a6d36a00f818cfbdff90010563bd1c mes5/i586/ghostscript-X-8.63-62.5mdvmes5.1.i586.rpm
cd879dd0960d9f46ea929d2ff515390a mes5/i586/libgs8-8.63-62.5mdvmes5.1.i586.rpm
653648203476bfbf855139a4b380394b mes5/i586/libgs8-devel-8.63-62.5mdvmes5.1.i586.rpm
6985d25ec775b44ffe31a91e09aaa2c1 mes5/i586/libijs1-0.35-62.5mdvmes5.1.i586.rpm
caf102b269fca1da65f74c0e8beb2089 mes5/i586/libijs1-devel-0.35-62.5mdvmes5.1.i586.rpm
effe8f02d35bd41f611c0f99f834c6b1 mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
4a2946625f401314a651997e033ac21d mes5/x86_64/ghostscript-8.63-62.5mdvmes5.1.x86_64.rpm
ba4bc52599001153edf1e98a8e6ca848 mes5/x86_64/ghostscript-common-8.63-62.5mdvmes5.1.x86_64.rpm
00297d12b503b3f5659659b440bcd49e mes5/x86_64/ghostscript-doc-8.63-62.5mdvmes5.1.x86_64.rpm
d10f7b6178049a5751d3415c683d9588 mes5/x86_64/ghostscript-dvipdf-8.63-62.5mdvmes5.1.x86_64.rpm
bfd9c01188f12d58ce93ce2ef82ae167 mes5/x86_64/ghostscript-module-X-8.63-62.5mdvmes5.1.x86_64.rpm
3d5c373f2938b0ac44bfb2b6229a7593 mes5/x86_64/ghostscript-X-8.63-62.5mdvmes5.1.x86_64.rpm
599f1a6c68cb3d7013393e53dfd6521d mes5/x86_64/lib64gs8-8.63-62.5mdvmes5.1.x86_64.rpm
f715b89840a0cd1eda5fced024e132e0 mes5/x86_64/lib64gs8-devel-8.63-62.5mdvmes5.1.x86_64.rpm
22e46de13ec51543c6c4c146d09ee789 mes5/x86_64/lib64ijs1-0.35-62.5mdvmes5.1.x86_64.rpm
06795e43a579200b1175a6a7cbcd0e6a mes5/x86_64/lib64ijs1-devel-0.35-62.5mdvmes5.1.x86_64.rpm
effe8f02d35bd41f611c0f99f834c6b1 mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMP3MqmqjQ0CJFipgRArDeAJ46HoacyStwR/xYVe5OcrxMtWiNvwCfWA5I
lSnMvrv7yLKJSEHbmeoifjo=
=HgXd
-----END PGP SIGNATURE-----