Linux Security
    Linux Security
    Linux Security

    Debian: New ghostscript packages fix arbitrary code execution

    Date 27 Feb 2008
    3438
    Posted By LinuxSecurity Advisories
    Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1510-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                          Thijs Kinkhorst
    February 27, 2008                     https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : gs-esp / gs-gpl
    Vulnerability  : buffer overflow
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0411
    
    Chris Evans discovered a buffer overflow in the color space handling
    code of the Ghostscript PostScript/PDF interpreter, which might result
    in the execution of arbitrary code if a user is tricked into processing
    a malformed file.
    
    For the stable distribution (etch), this problem has been fixed in version
    8.54.dfsg.1-5etch1 of gs-gpl and 8.15.3.dfsg.1-1etch1 of gs-esp.
    
    For the old stable distribution (sarge), this problem has been fixed in
    version 8.01-6 of gs-gpl and 7.07.1-9sarge1 of gs-esp.
    
    The unstable distribution (sid) will be fixed soon.
    
    We recommend that you upgrade your gs-esp and gs-gpl packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6.diff.gz
        Size/MD5 checksum:    37500 ce05f327ba06e067f8df78cb60ad386a
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1.orig.tar.gz
        Size/MD5 checksum:  6795608 20dfdc45c3aeb9893b75d41087f828d9
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01.orig.tar.gz
        Size/MD5 checksum:  5531748 b9fed961d538c0aeb841f7e46bc80857
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1.dsc
        Size/MD5 checksum:      830 5b84dd5a5171b74045c110eb3d21ecd2
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6.dsc
        Size/MD5 checksum:      729 8c80ff522cee28a37afcb68f2221be6b
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1.diff.gz
        Size/MD5 checksum:    56507 b02a4b36a97c61f5b81c4c0f2c9b8957
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.01-6_all.deb
        Size/MD5 checksum:    12514 b1a11cd8a49dc3bb4afe3f2c29ff3f44
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_alpha.deb
        Size/MD5 checksum:  2838228 f34adbdd25489e9a6354249546996143
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_alpha.deb
        Size/MD5 checksum:  3189058 08aa096b5140c638ad6b200ee4f67cc7
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_amd64.deb
        Size/MD5 checksum:  2546568 d28291f6de6728cffe4749bc3432b5be
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_amd64.deb
        Size/MD5 checksum:  2868960 35d3f4801301323023e24ddac914d677
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_arm.deb
        Size/MD5 checksum:  2487974 22fc607e2e5fd4a573ba3cd276d81075
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_arm.deb
        Size/MD5 checksum:  2799614 dd67289f8031f2a775e1a2fa18cc2640
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_hppa.deb
        Size/MD5 checksum:  2954310 b1d0568a54276c070abd7de5999301ed
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_hppa.deb
        Size/MD5 checksum:  2637170 5fb35e63a13bceaa72108db451ca127a
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_i386.deb
        Size/MD5 checksum:  2466366 a4f4c9be11f8d84cc483863767b29e49
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_i386.deb
        Size/MD5 checksum:  2771496 62ce6bc97289ee62928463a47366a13d
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_ia64.deb
        Size/MD5 checksum:  3558624 7271e410306339eae9ee627560c41763
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_ia64.deb
        Size/MD5 checksum:  3124082 695f97ec95735230dc6bac436c95b100
    
    m68k architecture (Motorola Mc680x0)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_m68k.deb
        Size/MD5 checksum:  2298494 d0014a75fffca1e20419e11872c517b9
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_m68k.deb
        Size/MD5 checksum:  2588462 35f324267363f332d7f518d7f9415e8a
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_mips.deb
        Size/MD5 checksum:  2959398 99599bcdc1ffe9b15abd2b4b5bb22216
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_mips.deb
        Size/MD5 checksum:  2705408 a87e735224d614a1a822a624bf427942
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_mipsel.deb
        Size/MD5 checksum:  2920024 4122f5f6bcc7f9b3b215c329d0e3a53e
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_mipsel.deb
        Size/MD5 checksum:  2670268 53405c71a5857e128271a2cd02ae6252
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_powerpc.deb
        Size/MD5 checksum:  2856994 aad2af8daa3490fd8128a10035e8fe09
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_powerpc.deb
        Size/MD5 checksum:  2543328 df7d4be42d759105421733d75b1ad236
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_s390.deb
        Size/MD5 checksum:  2531042 23f6f9c8f869495ab3b8fe61590369ce
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_s390.deb
        Size/MD5 checksum:  2848094 383bbb72d06e8d255cf41d3e6acf53ef
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_sparc.deb
        Size/MD5 checksum:  2432186 25eeaa829f881209f9086f2a12896cde
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_sparc.deb
        Size/MD5 checksum:  2753256 97a4f8235f719f5e5644b33c388ed431
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1.orig.tar.gz
        Size/MD5 checksum:  7384506 002a849bf645c9346ebbcc26a1972e3f
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1.diff.gz
        Size/MD5 checksum:   218204 69b74a05c360f4ba85eea35ffb2c6c1c
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1.diff.gz
        Size/MD5 checksum:    63267 db2d2917171be033d0e3196ebd93394d
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz
        Size/MD5 checksum: 11695732 05938e26bfa8769e28cf2bb38efd9673
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1.dsc
        Size/MD5 checksum:      852 3a9f6ff073ee09fb8313224cf219ff62
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1.dsc
        Size/MD5 checksum:      829 314ccac99a222bee0752ce13c26d6267
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.54.dfsg.1-5etch1_all.deb
        Size/MD5 checksum:    14288 594611915aaeb3dfbc6a468efd51f0e5
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_alpha.deb
        Size/MD5 checksum:  3394724 9a42f25aed551f7ec8684f1723a2a474
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_alpha.deb
        Size/MD5 checksum:  5876768 b37fed1d32a051655223333b6eda6530
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_amd64.deb
        Size/MD5 checksum:  3139230 1cc7dfcbceffbe2a2326a2a8387b6d4b
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_amd64.deb
        Size/MD5 checksum:  5615964 86a0df555e923106f38a3697067a0609
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_arm.deb
        Size/MD5 checksum:  3026610 cba96a7f640919bbd6d5998111485289
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_arm.deb
        Size/MD5 checksum:  5508330 965b68910bfbae43c40979825ffef476
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_hppa.deb
        Size/MD5 checksum:  3227870 29af72f9b33c9cbe5b9b1b4dde017562
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_hppa.deb
        Size/MD5 checksum:  5724644 c12aa1ad95469fe1f7eb058822343e95
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_i386.deb
        Size/MD5 checksum:  5485092 c44ea2c20dc4472021f47296ab004f05
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_i386.deb
        Size/MD5 checksum:  3002876 f51ec0b3eb84362f54b3f6a1932fcc40
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_ia64.deb
        Size/MD5 checksum:  4037068 42fa033ed49b7f13d68201abe02b892f
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_ia64.deb
        Size/MD5 checksum:  6548054 1ca0d9dec541aafacdd36bce46ebce29
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_mips.deb
        Size/MD5 checksum:  3218122 2019f48ea1829cd38a099f01d17ad2b5
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_mips.deb
        Size/MD5 checksum:  5778866 996adb8158abbd3ddd6ded34fd463534
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_mipsel.deb
        Size/MD5 checksum:  5742732 2dd5262d3521df3ecbf1f1c95ff07005
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_mipsel.deb
        Size/MD5 checksum:  3181834 282986a71781a5ccc645d03ea14d4766
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_powerpc.deb
        Size/MD5 checksum:  5579416 24a6b1694d6aa66df676610cca380cf3
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_powerpc.deb
        Size/MD5 checksum:  3103556 291e4c92e6f933523663aed2d7e0e71e
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_s390.deb
        Size/MD5 checksum:  5534914 49e7a2502e303d21bed0161841af4eec
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_s390.deb
        Size/MD5 checksum:  3083516 91f1ae5ac05b1e17e700f59c66d778f9
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_sparc.deb
        Size/MD5 checksum:  5425410 fb7afa7cbfb9f9ba707aeddf5c00ff80
      https://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_sparc.deb
        Size/MD5 checksum:  2947418 d815d67dc78463de966b8c9825c4bcf1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"15","type":"x","order":"1","pct":36.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"8","type":"x","order":"2","pct":19.51,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"18","type":"x","order":"3","pct":43.9,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.