Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2012:1289-1: important: ghostscript

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: ghostscript

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2012:1289-1

Rating: important

References: #779700

Cross-References: CVE-2012-4405

Affected Products:

openSUSE 11.4

______________________________________________________________________________

 

An update that fixes one vulnerability is now available.

 

Description:

 

The following security issue was fixed in ghostscript:

 

Multiple integer underflows in the icmLut_allocate function

in International Color Consortium (ICC) Format library

(icclib), as used in Ghostscript 9.06 and Argyll Color

Management System, allow remote attackers to cause a denial

of service (crash) and possibly execute arbitrary code via

a crafted (1) PostScript or (2) PDF file with embedded

images, which triggers a heap-based buffer overflow. NOTE:

this issue is also described as an array index error.

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 11.4:

 

zypper in -t patch openSUSE-2012-668

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 11.4 (i586 x86_64):

 

ghostscript-devel-9.00-4.48.1

ghostscript-ijs-devel-9.00-4.48.1

ghostscript-library-9.00-4.48.1

ghostscript-library-debuginfo-9.00-4.48.1

ghostscript-library-debugsource-9.00-4.48.1

ghostscript-x11-9.00-4.48.1

ghostscript-x11-debuginfo-9.00-4.48.1

libgimpprint-4.2.7-334.48.1

libgimpprint-debuginfo-4.2.7-334.48.1

libgimpprint-devel-4.2.7-334.48.1

 

- openSUSE 11.4 (noarch):

 

ghostscript-fonts-other-9.00-4.48.1

ghostscript-fonts-rus-9.00-4.48.1

ghostscript-fonts-std-9.00-4.48.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-4405.html

https://bugzilla.novell.com/779700

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×