Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63678
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1746-1 (ghostscript)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to ghostscript
announced via advisory DSA 1746-1.

Two security issues have been discovered in ghostscript, the GPL
Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-0583

Jan Lieskovsky discovered multiple integer overflows in the ICC library,
which allow the execution of arbitrary code via crafted ICC profiles in
PostScript files with embedded images.

CVE-2009-0584

Jan Lieskovsky discovered insufficient upper-bounds checks on certain
variable sizes in the ICC library, which allow the execution of
arbitrary code via crafted ICC profiles in PostScript files with
embedded images.


For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny1.

For the oldstable distribution (etch), these problems have been fixed
in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable
is called gs-gpl.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your ghostscript/gs-gpl packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201746-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0583
AUSCERT Advisory: ESB-2009.0259
http://www.auscert.org.au/render.html?it=10666
BugTraq ID: 34184
http://www.securityfocus.com/bid/34184
Bugtraq: 20090319 rPSA-2009-0050-1 ghostscript (Google Search)
http://www.securityfocus.com/archive/1/501994/100/0/threaded
Debian Security Information: DSA-1746 (Google Search)
http://www.debian.org/security/2009/dsa-1746
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
http://www.redhat.com/support/errata/RHSA-2009-0345.html
http://securitytracker.com/id?1021868
http://secunia.com/advisories/34266
http://secunia.com/advisories/34373
http://secunia.com/advisories/34381
http://secunia.com/advisories/34393
http://secunia.com/advisories/34398
http://secunia.com/advisories/34418
http://secunia.com/advisories/34437
http://secunia.com/advisories/34443
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://www.ubuntu.com/usn/USN-743-1
https://usn.ubuntu.com/757-1/
http://www.vupen.com/english/advisories/2009/0776
http://www.vupen.com/english/advisories/2009/0777
http://www.vupen.com/english/advisories/2009/0816
http://www.vupen.com/english/advisories/2009/1708
XForce ISS Database: ghostscript-icclib-native-color-bo(49329)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
Common Vulnerability Exposure (CVE) ID: CVE-2009-0584
http://osvdb.org/52988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
XForce ISS Database: ghostscript-icclib-bo(49327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.