ghostscript-8.15.2-9.4.4.1AXS3
Errata ID: AXSA:2009-29:01
Release date:
2009/04/01 Wednesday - 12:09
Title:
ghostscript-8.15.2-9.4.4.1AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
icclib, as used by ghostscript, contains multiple integer overflows that can cause a denial of service (heap-based buffer overflow, application crash) or allow arbitrary code execution. (CVE-2009-0583, CVE-2009-0584)
Solution:
Update the packages.
CVE:
CVE-2009-0583
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
CVE-2009-0584
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Additional information:
N/A
Downloads:
SRPMS
- ghostscript-8.15.2-9.4.4.1AXS3.src.rpm
MD5: e70fb2ad1ac169b51e55e9ffd029604a
SHA-256: 52060545c06f55fd883690c56c2030b3a27d6b1beb89067b7044f419cc3ecca6
Size: 9.07 MB
Asianux Server 3 for x86
- ghostscript-8.15.2-9.4.4.1AXS3.i386.rpm
MD5: 3b5c2afd561738e0fcf54c5899608185
SHA-256: 98af55f261f94d0a538bde51447b686161cbd6ba0ff5081c5a5d7efabd382958
Size: 6.64 MB
- ghostscript-devel-8.15.2-9.4.4.1AXS3.i386.rpm
MD5: b75c45e761b7986bd392be20ecd71019
SHA-256: de523ca8cd9795cb345432cc85b250a92ca272a4781fd436516704bac3cdfd95
Size: 40.54 kB
- ghostscript-gtk-8.15.2-9.4.4.1AXS3.i386.rpm
MD5: b8c54744fe9656dc061d42421bafdf00
SHA-256: 68cfef2695e418d9772e5c3e5d532b6d71f8f7113bde322382ecca0637628d18
Size: 30.49 kB
Asianux Server 3 for x86_64
- ghostscript-8.15.2-9.4.4.1AXS3.x86_64.rpm
MD5: 7b6125c6a2be35b632bfe1ecdb3ff20a
SHA-256: 9e9af8271e1e4ff955d9ac535687373e416baba3ac74055721ac4c2804e32b55
Size: 6.63 MB
- ghostscript-devel-8.15.2-9.4.4.1AXS3.x86_64.rpm
MD5: 7e1121834c90deb9909481bb6aef5ad2
SHA-256: 1755b20d0996cd307c3f018ebad688a1f95bde01bf8755773f0386b9ab4222b0
Size: 41.09 kB
- ghostscript-gtk-8.15.2-9.4.4.1AXS3.x86_64.rpm
MD5: 8259b36021bf923d2a74434cefa3db2a
SHA-256: 625a0c95724d0e58fe7040ce64e46a466ae08189aee64f5199ef1703c4a162e3
Size: 30.66 kB