USN-961-1: Ghostscript vulnerabilities

13 July 2010

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS

Summary

Software Description

  • ghostscript

Details

David Srbecky discovered that Ghostscript incorrectly handled debug logging. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed files. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
libgs8 - 8.71.dfsg.1-0ubuntu5.2
Ubuntu 9.10
libgs8 - 8.70.dfsg.1-0ubuntu3.1
Ubuntu 9.04
libgs8 - 8.64.dfsg.1-0ubuntu8.1
Ubuntu 8.04 LTS
libgs8 - 8.61.dfsg.1-1ubuntu3.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References