| Test ID: | 1.3.6.1.4.1.25623.1.0.68219 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-961-1 (ghostscript) |
| Summary: | Ubuntu USN-961-1 (ghostscript) |
| Description: | The remote host is missing an update to ghostscript announced via advisory USN-961-1. Details follow:

David Srbecky discovered that Ghostscript incorrectly handled debug logging. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed files. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

Solution: The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.3
Ubuntu 9.04: libgs8 8.64.dfsg.1-0ubuntu8.1
Ubuntu 9.10: libgs8 8.70.dfsg.1-0ubuntu3.1
Ubuntu 10.04 LTS: libgs8 8.71.dfsg.1-0ubuntu5.2

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-961-1

Risk factor: Critical |
| Cross-Ref: | Common Vulnerability Exposure (CVE) ID: CVE-2009-4270
http://www.openwall.com/lists/oss-security/2009/12/18/1
http://www.openwall.com/lists/oss-security/2009/12/18/2
http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
SuSE Security Announcement: SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.ubuntu.com/usn/USN-961-1
BugTraq ID: 37410
http://www.securityfocus.com/bid/37410
http://osvdb.org/61140
http://secunia.com/advisories/37851
http://secunia.com/advisories/40580
http://www.vupen.com/english/advisories/2009/3597

Common Vulnerability Exposure (CVE) ID: CVE-2009-4897
BugTraq ID: 41593
http://www.securityfocus.com/bid/41593
http://www.osvdb.org/66277
XForce ISS Database: ghostscript-iscan-bo(60380)
http://xforce.iss.net/xforce/xfdb/60380

Common Vulnerability Exposure (CVE) ID: CVE-2010-1628
Bugtraq: 20100512 Multiple memory corruption vulnerabilities in Ghostscript
http://www.securityfocus.com/archive/1/archive/1/511243/100/0/threaded
http://seclists.org/fulldisclosure/2010/May/134
http://www.openwall.com/lists/oss-security/2010/05/12/1
http://www.openwall.com/lists/oss-security/2010/05/18/7
http://bugs.ghostscript.com/show_bug.cgi?id=691295
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
BugTraq ID: 40107
http://www.securityfocus.com/bid/40107
http://secunia.com/advisories/39753
http://www.vupen.com/english/advisories/2010/1138

Common Vulnerability Exposure (CVE) ID: CVE-2010-1869
http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:102
BugTraq ID: 40103
http://www.securityfocus.com/bid/40103
http://www.securitytracker.com/id?1024003
http://www.vupen.com/english/advisories/2010/1195 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |