Test ID: 1.3.6.1.4.1.25623.1.0.68219
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-961-1 (ghostscript)
Summary: NOSUMMARY
Description:
The remote host is missing an update to ghostscript
announced via advisory USN-961-1.

Details follow:

David Srbecky discovered that Ghostscript incorrectly handled debug
logging. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. This issue only
affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
(CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a crafted
Postscript or PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain
recursive Postscript files. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript
incorrectly handled certain malformed Postscript files. If a user or
automated system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libgs8 8.61.dfsg.1-1ubuntu3.3

Ubuntu 9.04:
libgs8 8.64.dfsg.1-0ubuntu8.1

Ubuntu 9.10:
libgs8 8.70.dfsg.1-0ubuntu3.1

Ubuntu 10.04 LTS:
libgs8 8.71.dfsg.1-0ubuntu5.2

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-961-1

Risk factor : Critical

CVSS Score: 9.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-4270
37410
http://www.securityfocus.com/bid/37410
37851
http://secunia.com/advisories/37851
40580
http://secunia.com/advisories/40580
61140
http://osvdb.org/61140
ADV-2009-3597
http://www.vupen.com/english/advisories/2009/3597
GLSA-201412-17
http://security.gentoo.org/glsa/glsa-201412-17.xml
MDVSA-2010:134
http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
MDVSA-2010:135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
USN-961-1
http://www.ubuntu.com/usn/USN-961-1
[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64
http://www.openwall.com/lists/oss-security/2009/12/18/1
[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64
http://www.openwall.com/lists/oss-security/2009/12/18/2
http://bugs.ghostscript.com/show_bug.cgi?id=690829
https://bugzilla.redhat.com/show_bug.cgi?id=540760
Common Vulnerability Exposure (CVE) ID: CVE-2009-4897
41593
http://www.securityfocus.com/bid/41593
66277
http://www.osvdb.org/66277
ghostscript-iscan-bo(60380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60380
http://bugs.ghostscript.com/show_bug.cgi?id=690523
https://bugzilla.redhat.com/show_bug.cgi?id=613792
Common Vulnerability Exposure (CVE) ID: CVE-2010-1628
20100511 Multiple memory corruption vulnerabilities in Ghostscript
http://seclists.org/fulldisclosure/2010/May/134
20100512 Multiple memory corruption vulnerabilities in Ghostscript
http://www.securityfocus.com/archive/1/511243/100/0/threaded
39753
http://secunia.com/advisories/39753
40107
http://www.securityfocus.com/bid/40107
ADV-2010-1138
http://www.vupen.com/english/advisories/2010/1138
[oss-security] 20100511 Re: CVE assignment: ghostscript stack-based overflow
http://www.openwall.com/lists/oss-security/2010/05/12/1
[oss-security] 20100518 Re: CVE assignment: ghostscript stack-based overflow
http://www.openwall.com/lists/oss-security/2010/05/18/7
http://bugs.ghostscript.com/show_bug.cgi?id=691295
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
Common Vulnerability Exposure (CVE) ID: CVE-2010-1869
BugTraq ID: 40103
http://www.securityfocus.com/bid/40103
Bugtraq: 20100512 Multiple memory corruption vulnerabilities in Ghostscript
http://www.mandriva.com/security/advisories?name=MDVSA-2010:102
http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
http://www.securitytracker.com/id?1024003
SuSE Security Announcement: SUSE-SR:2010:014
http://www.vupen.com/english/advisories/2010/1195
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
