-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.0629
             Multiple vulnerabilities corrected in ghostscript
                               19 July 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ghostscript
Publisher:         Mandriva
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-1628 CVE-2009-4270

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Mandriva. It is recommended that
         administrators running ghostscript check for an updated version
         of the software for their operating system.

Note:    This bulletin contains three (3) advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:134
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ghostscript
Date    : July 15, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a PostScript
file containing unlimited recursive procedure invocations, which
trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:135
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ghostscript
Date    : July 15, 2010
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:136
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ghostscript
Date    : July 15, 2010
Affected: 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in ghostscript:

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a PostScript
file containing unlimited recursive procedure invocations, which
trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMQ+dk/iFOrG6YcBERAsBRAKDZcyJtOd9sjXls1ybbVIrJmtsDLACghEiJ
NKPobPpZX7612YP1IgEVSUE=
=lBtj
-----END PGP SIGNATURE-----
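
Added example (not part of the Mandriva or AusCERT text): a check of installed ghostscript builds against the fixed builds named in the updated-package lists of MDVSA-2010:134, :135 and :136. The product labels, function names, sample inventory and the simplified rpm-style comparison are assumptions of this example.

```python
import re

# Fixed ghostscript version-release per affected product, taken from the
# updated-package lists of the three advisories. The keys are labels chosen
# for this example, not identifiers used by Mandriva tools.
FIXED_BUILDS = {
    "2008.0": "8.60-55.5mdv2008.0",
    "2009.0": "8.63-62.5mdv2009.0",
    "2009.1": "8.64-65.3mdv2009.1",
    "2010.0": "8.64-69.2mdv2010.0",
    "2010.1": "8.71-71.1mdv2010.1",
    "mes5": "8.63-62.5mdvmes5.1",
    "corporate4.0": "8.15-46.4.20060mlcs4",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def vercmp(a, b):
    """Simplified rpm-style comparison of one version or release string.

    Strings are split into runs of digits or letters; digit runs compare as
    integers, a digit run is newer than a letter run, and the string with
    segments left over is newer. Epochs, '~' and '^' are not handled.
    Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def is_patched(product, installed_vr):
    """True if installed_vr (VERSION-RELEASE, e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' ghostscript) is at or above the
    fixed build for that product."""
    version, sep, release = installed_vr.rpartition("-")
    if not sep:
        raise ValueError("expected VERSION-RELEASE, got %r" % installed_vr)
    fixed_version, _, fixed_release = FIXED_BUILDS[product].rpartition("-")
    result = vercmp(version, fixed_version)
    if result == 0:
        result = vercmp(release, fixed_release)
    return result >= 0


def hosts_needing_update(inventory):
    """Return the hosts whose ghostscript build is older than the fixed one."""
    return [host for host, product, vr in inventory
            if not is_patched(product, vr)]


# Constructed inventory for illustration: (host, product label, installed build).
SAMPLE_INVENTORY = [
    ("print01", "2010.0", "8.64-69.1mdv2010.0"),
    ("print02", "2010.0", "8.64-69.2mdv2010.0"),
    ("build01", "mes5", "8.63-62.4mdvmes5.1"),
    ("ws07", "2010.1", "8.71-71.1mdv2010.1"),
]

if __name__ == "__main__":
    print(hosts_needing_update(SAMPLE_INVENTORY))
```

The comparison is only meaningful for the distribution's own packages within one product line: the fixes are patches applied to each product's existing ghostscript version, so a higher upstream version number built elsewhere says nothing about whether these CVEs are corrected.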