ghostscript-8.15.2-9.4.4.2AXS3

エラータID: AXSA:2009-43:02

Release date: 
Tuesday, April 28, 2009 - 15:50
Subject: 
ghostscript-8.15.2-9.4.4.2AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers.
If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package.
Fixed bugs:
CVE-2007-6725
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
CVE-2008-6679
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
CVE-2009-0196
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
CVE-2009-0792
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain native color space

Solution: 

Update packages.

CVEs: 
CVE-2007-6725
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
CVE-2008-6679
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
CVE-2009-0196
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
CVE-2009-0792
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.


Additional Info: 

N/A

Download: 

SRPMS
  1. ghostscript-8.15.2-9.4.4.2AXS3.src.rpm
    MD5: 833f1d07eaccb8e98f855c0868545520
    SHA-256: 2884b4b26956aa7cdef795bf39c24275aecc3ab59f11ce93990598a2bb59729f
    Size: 9.08 MB

Asianux Server 3 for x86
  1. ghostscript-8.15.2-9.4.4.2AXS3.i386.rpm
    MD5: 3c687397e7f034510d0403bd3451c472
    SHA-256: b342c98113c335a1094eae50277b63c3f80351fa70f966667bcf411ca5c26364
    Size: 6.64 MB
  2. ghostscript-devel-8.15.2-9.4.4.2AXS3.i386.rpm
    MD5: f35255ecaf1bcabaea1c2ecc91f14e57
    SHA-256: 62fd8da73063fa080dea85456d6ed2c6534b2b9155ee5a0b55bfe5dd725ac416
    Size: 40.85 kB
  3. ghostscript-gtk-8.15.2-9.4.4.2AXS3.i386.rpm
    MD5: 648d9eecac7e6b0f85709f4a14dd0278
    SHA-256: 0439e7160f9df700c97539faf19dc922fffcab9c4ed1e95414c34a814aec311d
    Size: 30.91 kB

Asianux Server 3 for x86_64
  1. ghostscript-8.15.2-9.4.4.2AXS3.x86_64.rpm
    MD5: 671021ddfa96b19a95c05c8ee29d363b
    SHA-256: 3c80947cb45aefb039e52f15fa538b01ea54c651bf3b221bbe07d8005f236324
    Size: 6.63 MB
  2. ghostscript-devel-8.15.2-9.4.4.2AXS3.x86_64.rpm
    MD5: 6f74428d0f8f857aaa1812be93612cdb
    SHA-256: e9ae6b6a4520d64d066146e02626ce9c42ba079001b16b24fb05ab5d58ffdc8f
    Size: 41.50 kB
  3. ghostscript-gtk-8.15.2-9.4.4.2AXS3.x86_64.rpm
    MD5: c53a8dfb25e23dce6e5b937b4ffbb2b5
    SHA-256: aa49bf1c06d29f36b043fa3888b18a6aaa86d8fea4dd87f3d0df927c329717f9
    Size: 31.08 kB