Mailinglist Archive: opensuse-updates (57 mails)

openSUSE-SU-2010:0425-1 (important): ghostscript security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Thu, 22 Jul 2010 23:08:09 +0200 (CEST)
  • Message-id: <20100722210809.1DA82BE29@xxxxxxxxxxxxxx>
openSUSE Security Update: ghostscript security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0425-1
Rating: important
References: #559122 #605043 #608071
Cross-References: CVE-2009-4270 CVE-2009-4897 CVE-2010-1628
CVE-2010-1869 CVE-2010-2055
Affected Products:
openSUSE 11.0
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

Specially crafted PostScript (.ps) files could cause buffer
overflows in ghostscript that could potentially be
exploited to execute arbitrary code (CVE-2010-1628,
CVE-2010-1869, CVE-2009-4270).

By default, ghostscript read some initialization files from
the current working directory. Local attackers could
potentially exploit that to have other users execute
arbitrary commands by placing such files, e.g., in /tmp
(CVE-2010-2055).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.0:

zypper in -t patch ghostscript-devel-2705

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.0 (i586 ppc src x86_64):

ghostscript-library-8.62-17.8

- openSUSE 11.0 (i586 ppc x86_64):

ghostscript-devel-8.62-17.8
ghostscript-fonts-other-8.62-17.8
ghostscript-fonts-rus-8.62-17.8
ghostscript-fonts-std-8.62-17.8
ghostscript-ijs-devel-8.62-17.8
ghostscript-omni-8.62-17.8
ghostscript-x11-8.62-17.8
libgimpprint-4.2.7-258.8
libgimpprint-devel-4.2.7-258.8


References:

http://support.novell.com/security/cve/CVE-2009-4270.html
http://support.novell.com/security/cve/CVE-2009-4897.html
http://support.novell.com/security/cve/CVE-2010-1628.html
http://support.novell.com/security/cve/CVE-2010-1869.html
http://support.novell.com/security/cve/CVE-2010-2055.html
https://bugzilla.novell.com/559122
https://bugzilla.novell.com/605043
https://bugzilla.novell.com/608071

