1. Ubuntu Security Notices
  2. USN-961-1

USN-961-1: Ghostscript vulnerabilities

Publication date

13 July 2010

Overview

Releases

Packages

Details

David Srbecky discovered that Ghostscript incorrectly handled debug
logging. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. This issue only
affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
(CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a crafted
Postscript or PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript...

David Srbecky discovered that Ghostscript incorrectly handled debug
logging. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. This issue only
affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
(CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a crafted
Postscript or PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain
recursive Postscript files. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript
incorrectly handled certain malformed Postscript files. If a user or
automated system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.10 karmic libgs8 –  8.70.dfsg.1-0ubuntu3.1
9.04 jaunty libgs8 –  8.64.dfsg.1-0ubuntu8.1
8.04 hardy libgs8 –  8.61.dfsg.1-1ubuntu3.3
10.04 lucid libgs8 –  8.71.dfsg.1-0ubuntu5.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›