Two security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-4897
A buffer overflow was discovered that allows remote attackers to
execute arbitrary code or cause a denial of service via a crafted PDF
document containing a long name.
CVE-2010-1628
Dan Rosenberg discovered that Ghostscript incorrectly handled certain
recursive PostScript files. An attacker could execute arbitrary code
via a PostScript file containing unlimited recursive procedure
invocations, which trigger memory corruption in the stack of the
interpreter.
For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny5.
For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 8.71~dfsg2-4.
We recommend that you upgrade your ghostscript package.
Upgrade instructions
--------------------
wget url
...