Description: The remote host is missing an update to ghostscript announced via advisory FEDORA-2009-3709.
Update Information:
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device).
ChangeLog:
* Wed Apr 15 2009 Tim Waugh 8.63-6
- Applied patch to fix CVE-2009-0792 (bug #491853).
- Applied patch to fix CVE-2009-0196 (bug #493379).
- Applied patch to fix CVE-2008-6679 (bug #493445).
* Fri Mar 20 2009 Tim Waugh 8.63-5
- Applied patch to fix CVE-2009-0583 (bug #487742) and CVE-2009-0584 (bug #487744).
References:
[ 1 ] Bug #493445 - CVE-2008-6679 ghostscript: Buffer overflow in BaseFont writer module for pdfwrite device
https://bugzilla.redhat.com/show_bug.cgi?id=493445
[ 2 ] Bug #493379 - CVE-2009-0196 ghostscript: Missing boundary check in Ghostscript's jbig2dec library
https://bugzilla.redhat.com/show_bug.cgi?id=493379
[ 3 ] Bug #491853 - CVE-2009-0792 ghostscript, argyllcms: Incomplete fix for CVE-2009-0583
https://bugzilla.redhat.com/show_bug.cgi?id=491853
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update ghostscript' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3709
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C