Advisories | Mandriva

Package name	ghostscript
Date	November 5th, 2007
Advisory ID	MDKSA-2007:208
Affected versions	2008.0
Synopsis	Updated ghostscript packages fix vulnerability

Problem Description

A function in the JasPer JPEG-2000 library before 1.900 could allow
a remote user-assisted attack to cause a crash and possibly corrupt
the heap via malformed image files.

Newer versions of ghostscript contain an embedded copy of libjasper
and as such is vulnerable to this issue.

Updated packages have been patched to prevent this issue.

Updated Packages

Mandriva Linux 2008.0

 3dbda0c39e133eba967e921ef4d9d377  2008.0/i586/ghostscript-8.60-55.1mdv2008.0.i586.rpm
 cf99340b6aab383c23539a9a7bcd96aa  2008.0/i586/ghostscript-X-8.60-55.1mdv2008.0.i586.rpm
 2db95eef476a9747b59e48d5868dd2b7  2008.0/i586/ghostscript-common-8.60-55.1mdv2008.0.i586.rpm
 e86be130d3eedaf11a7e3bede176f79a  2008.0/i586/ghostscript-doc-8.60-55.1mdv2008.0.i586.rpm
 26a2ea8df4af62c4702c7453a66960a9  2008.0/i586/ghostscript-dvipdf-8.60-55.1mdv2008.0.i586.rpm
 021f090cf6e8a343ea64d17e1e083528  2008.0/i586/ghostscript-module-X-8.60-55.1mdv2008.0.i586.rpm
 505878a61839498d08ec04b8b69a799a  2008.0/i586/libgs8-8.60-55.1mdv2008.0.i586.rpm
 8af491f61edfe65b3743301ec4adf6a7  2008.0/i586/libgs8-devel-8.60-55.1mdv2008.0.i586.rpm
 3e6682d062deb5c25936be6a994a844d  2008.0/i586/libijs1-0.35-55.1mdv2008.0.i586.rpm
 46085a399f94fe76940b00ed83323193  2008.0/i586/libijs1-devel-0.35-55.1mdv2008.0.i586.rpm 
 ac7dae0e827d0a78207e991d35c69402  2008.0/SRPMS/ghostscript-8.60-55.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 220b39bf086580cd0f54ebc59d02258f  2008.0/x86_64/ghostscript-8.60-55.1mdv2008.0.x86_64.rpm
 caced9befa296d95097d054d6b96dde8  2008.0/x86_64/ghostscript-X-8.60-55.1mdv2008.0.x86_64.rpm
 a3ccbf4bfd287ed7fb82daf1ead22b44  2008.0/x86_64/ghostscript-common-8.60-55.1mdv2008.0.x86_64.rpm
 71ac6e6dcac8deb7c905397dd91aec82  2008.0/x86_64/ghostscript-doc-8.60-55.1mdv2008.0.x86_64.rpm
 5882031bf11b1f60d188fcaacf3a19d7  2008.0/x86_64/ghostscript-dvipdf-8.60-55.1mdv2008.0.x86_64.rpm
 e9727024440ac6d2688e04447a13be5f  2008.0/x86_64/ghostscript-module-X-8.60-55.1mdv2008.0.x86_64.rpm
 df8716e40dc666b1d7e9c0680beb646f  2008.0/x86_64/lib64gs8-8.60-55.1mdv2008.0.x86_64.rpm
 e5fccc487f95335d9a11737a93afa263  2008.0/x86_64/lib64gs8-devel-8.60-55.1mdv2008.0.x86_64.rpm
 bbc1d9b1199626a2523ee8582de759e8  2008.0/x86_64/lib64ijs1-0.35-55.1mdv2008.0.x86_64.rpm
 2a757a1e8852866a3e3ec2d16fcaac44  2008.0/x86_64/lib64ijs1-devel-0.35-55.1mdv2008.0.x86_64.rpm 
 ac7dae0e827d0a78207e991d35c69402  2008.0/SRPMS/ghostscript-8.60-55.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.