Ubuntu Local Security Checks : Ubuntu USN-757-1 (gs-gpl)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.63856
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-757-1 (gs-gpl)
Summary:	Ubuntu USN-757-1 (gs-gpl)
Description:	The remote host is missing an update to gs-gpl announced via advisory USN-757-1. Details follow: It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2008-6679) It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0792) Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0196) USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package. Original advisory details: It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583) It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0584) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2 gs-gpl 8.15-4ubuntu3.3 Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.2 Ubuntu 8.10: libgs8 8.63.dfsg.1-0ubuntu6.4 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-757-1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5259 Bugtraq: 20090415 Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/502701/100/0/threaded http://secunia.com/secunia_research/2008-57/ BugTraq ID: 34523 http://www.securityfocus.com/bid/34523 http://www.securitytracker.com/id?1022061 http://secunia.com/advisories/33196 http://www.vupen.com/english/advisories/2009/1044 XForce ISS Database: divxwebplayer-strf-bo(49908) http://xforce.iss.net/xforce/xfdb/49908 Common Vulnerability Exposure (CVE) ID: CVE-2009-0584 Bugtraq: 20090319 rPSA-2009-0050-1 ghostscript (Google Search) http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded Debian Security Information: DSA-1746 (Google Search) http://www.debian.org/security/2009/dsa-1746 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 http://www.redhat.com/support/errata/RHSA-2009-0345.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-743-1 http://www.ubuntulinux.org/support/documentation/usn/usn-757-1 AUSCERT Advisory: ESB-2009.0259 http://www.auscert.org.au/render.html?it=10666 BugTraq ID: 34184 http://www.securityfocus.com/bid/34184 http://osvdb.org/52988 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10544 http://securitytracker.com/id?1021868 http://secunia.com/advisories/34373 http://secunia.com/advisories/34381 http://secunia.com/advisories/34393 http://secunia.com/advisories/34398 http://secunia.com/advisories/34437 http://secunia.com/advisories/34418 http://secunia.com/advisories/34266 http://secunia.com/advisories/34443 http://secunia.com/advisories/34469 http://secunia.com/advisories/34729 http://secunia.com/advisories/35559 http://secunia.com/advisories/35569 http://www.vupen.com/english/advisories/2009/0776 http://www.vupen.com/english/advisories/2009/0777 http://www.vupen.com/english/advisories/2009/0816 http://www.vupen.com/english/advisories/2009/1708 XForce ISS Database: ghostscript-icclib-bo(49327) http://xforce.iss.net/xforce/xfdb/49327 Common Vulnerability Exposure (CVE) ID: CVE-2009-0583 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10795 XForce ISS Database: ghostscript-icclib-native-color-bo(49329) http://xforce.iss.net/xforce/xfdb/49329 Common Vulnerability Exposure (CVE) ID: CVE-2009-1012 http://secunia.com/secunia_research/2009-22/ Cert/CC Advisory: TA09-105A http://www.us-cert.gov/cas/techalerts/TA09-105A.html BugTraq ID: 34461 http://www.securityfocus.com/bid/34461 http://osvdb.org/53765 http://www.securitytracker.com/id?1022059 XForce ISS Database: oracle-bea-http-bo(64935) http://xforce.iss.net/xforce/xfdb/64935 Common Vulnerability Exposure (CVE) ID: CVE-2007-6725 Bugtraq: 20090417 rPSA-2009-0060-1 ghostscript (Google Search) http://www.securityfocus.com/archive/1/archive/1/502757/100/0/threaded http://www.openwall.com/lists/oss-security/2009/04/01/10 http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html http://www.redhat.com/support/errata/RHSA-2009-0420.html http://www.redhat.com/support/errata/RHSA-2009-0421.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html BugTraq ID: 34337 http://www.securityfocus.com/bid/34337 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9507 http://secunia.com/advisories/34726 http://secunia.com/advisories/34732 http://secunia.com/advisories/35416 Common Vulnerability Exposure (CVE) ID: CVE-2009-1016 http://secunia.com/secunia_research/2009-23/ XForce ISS Database: oracle-bea-ssl-bo(64934) http://xforce.iss.net/xforce/xfdb/64934 Common Vulnerability Exposure (CVE) ID: CVE-2009-1185 Bugtraq: 20090417 rPSA-2009-0063-1 udev (Google Search) http://www.securityfocus.com/archive/1/archive/1/502752/100/0/threaded Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search) http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded http://www.milw0rm.com/exploits/8572 http://lists.vmware.com/pipermail/security-announce/2009/000060.html https://launchpad.net/bugs/cve/2009-1185 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063 Debian Security Information: DSA-1772 (Google Search) http://www.debian.org/security/2009/dsa-1772 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:103 http://www.mandriva.com/security/advisories?name=MDVSA-2009:104 http://www.redhat.com/support/errata/RHSA-2009-0427.html http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399 SuSE Security Announcement: SUSE-SA:2009:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html SuSE Security Announcement: SUSE-SA:2009:025 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html http://www.ubuntu.com/usn/usn-758-1 BugTraq ID: 34536 http://www.securityfocus.com/bid/34536 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10925 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5975 http://www.securitytracker.com/id?1022067 http://secunia.com/advisories/34731 http://secunia.com/advisories/34750 http://secunia.com/advisories/34753 http://secunia.com/advisories/34771 http://secunia.com/advisories/34785 http://secunia.com/advisories/34787 http://secunia.com/advisories/34801 http://secunia.com/advisories/34776 http://secunia.com/advisories/35766 http://www.vupen.com/english/advisories/2009/1053 http://www.vupen.com/english/advisories/2009/1865 Common Vulnerability Exposure (CVE) ID: CVE-2009-0796 Bugtraq: 20090415 XSS with mod_perl perl_status utility (Google Search) http://www.securityfocus.com/archive/1/archive/1/502709/100/0/threaded http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477 http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475 https://launchpad.net/bugs/cve/2009-0796 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:091 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1 BugTraq ID: 34383 http://www.securityfocus.com/bid/34383 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8488 http://www.securitytracker.com/id?1021988 http://secunia.com/advisories/34597 http://www.vupen.com/english/advisories/2009/0943 Common Vulnerability Exposure (CVE) ID: CVE-2009-0792 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11207 http://secunia.com/advisories/34711 http://secunia.com/advisories/34667 XForce ISS Database: ghostscript-icc-bo(50381) http://xforce.iss.net/xforce/xfdb/50381 Common Vulnerability Exposure (CVE) ID: CVE-2009-0196 Bugtraq: 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/502586/100/0/threaded http://secunia.com/secunia_research/2009-21/ https://bugzilla.redhat.com/attachment.cgi?id=337747 BugTraq ID: 34445 http://www.securityfocus.com/bid/34445 http://osvdb.org/53492 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10533 http://www.securitytracker.com/id?1022029 http://secunia.com/advisories/34292 http://www.vupen.com/english/advisories/2009/0983 Common Vulnerability Exposure (CVE) ID: CVE-2008-6679 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10019 Common Vulnerability Exposure (CVE) ID: CVE-2009-1186 https://launchpad.net/bugs/cve/2009-1186 BugTraq ID: 34539 http://www.securityfocus.com/bid/34539 http://www.securitytracker.com/id?1022068
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com