Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Debian 5.0 Ghostscript Update DSA-2093-1 Moderate: Memory Corruption

debian
Calendar Grey August 19, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter

Summary

Two security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2009-4897

It was discovered a buffer overflow that allows remote attackers to
execute arbitrary code or cause a denial of service via a crafted PDF
document containing a long name.


CVE-2010-1628

Dan Rosenberg discovered that ghostscript incorrectly handled certain
recursive Postscript files. An attacker could execute arbitrary code
via a PostScript file containing unlimited recursive procedure
invocations, which trigger memory corruption in the stack of the
interpreter.


For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny5

For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 8.71~dfsg2-4

We recommend that you upgrade your ghostscript package.

Upgrade instructions
- --------------------

wget url
...

Read the Full Advisory

Package: ghostscript

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.