Test ID:	1.3.6.1.4.1.25623.1.0.63585
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0345
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0345.;;Ghostscript is a set of software that provides a PostScript(TM);interpreter, a set of C procedures (the Ghostscript library, which;implements the graphics capabilities in the PostScript language) and;an interpreter for Portable Document Format (PDF) files.;;Multiple integer overflow flaws which could lead to heap-based buffer;overflows, as well as multiple insufficient input validation flaws, were;found in Ghostscript's International Color Consortium Format library;(icclib). Using specially-crafted ICC profiles, an attacker could create a;malicious PostScript or PDF file with embedded images which could cause;Ghostscript to crash, or, potentially, execute arbitrary code when opened;by the victim. (CVE-2009-0583, CVE-2009-0584);;All users of ghostscript are advised to upgrade to these updated packages,;which contain a backported patch to correct these issues.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0345. Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. (CVE-2009-0583, CVE-2009-0584) All users of ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0583 1021868 http://securitytracker.com/id?1021868 20090319 rPSA-2009-0050-1 ghostscript http://www.securityfocus.com/archive/1/501994/100/0/threaded 262288 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 34184 http://www.securityfocus.com/bid/34184 34266 http://secunia.com/advisories/34266 34373 http://secunia.com/advisories/34373 34381 http://secunia.com/advisories/34381 34393 http://secunia.com/advisories/34393 34398 http://secunia.com/advisories/34398 34418 http://secunia.com/advisories/34418 34437 http://secunia.com/advisories/34437 34443 http://secunia.com/advisories/34443 34469 http://secunia.com/advisories/34469 34729 http://secunia.com/advisories/34729 35559 http://secunia.com/advisories/35559 35569 http://secunia.com/advisories/35569 ADV-2009-0776 http://www.vupen.com/english/advisories/2009/0776 ADV-2009-0777 http://www.vupen.com/english/advisories/2009/0777 ADV-2009-0816 http://www.vupen.com/english/advisories/2009/0816 ADV-2009-1708 http://www.vupen.com/english/advisories/2009/1708 DSA-1746 http://www.debian.org/security/2009/dsa-1746 ESB-2009.0259 http://www.auscert.org.au/render.html?it=10666 FEDORA-2009-2883 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html FEDORA-2009-2885 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html FEDORA-2009-3011 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html FEDORA-2009-3031 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html GLSA-200903-37 http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml MDVSA-2009:095 http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 MDVSA-2009:096 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 RHSA-2009:0345 http://www.redhat.com/support/errata/RHSA-2009-0345.html SUSE-SR:2009:007 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html USN-743-1 http://www.ubuntu.com/usn/USN-743-1 USN-757-1 https://usn.ubuntu.com/757-1/ ghostscript-icclib-native-color-bo(49329) https://exchange.xforce.ibmcloud.com/vulnerabilities/49329 http://bugs.gentoo.org/show_bug.cgi?id=261087 http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 https://bugzilla.redhat.com/show_bug.cgi?id=487742 https://issues.rpath.com/browse/RPL-2991 oval:org.mitre.oval:def:10795 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 Common Vulnerability Exposure (CVE) ID: CVE-2009-0584 52988 http://osvdb.org/52988 ghostscript-icclib-bo(49327) https://exchange.xforce.ibmcloud.com/vulnerabilities/49327 https://bugzilla.redhat.com/show_bug.cgi?id=487744 oval:org.mitre.oval:def:10544 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.