Oval Definition:oval:org.mitre.oval:def:13122
Revision Date:2014-06-23Version:20
Title:DSA-1746-1 ghostscript -- several vulnerabilities
Description:Two security issues have been discovered in ghostscript, the GPL Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0583 Jan Lieskovsky discovered multiple integer overflows in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images. CVE-2009-0584 Jan Lieskovsky discovered insufficient upper-bounds checks on certain variable sizes in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images. For the stable distribution, these problems have been fixed in version 8.62.dfsg.1-3.2lenny1. For the oldstable distribution, these problems have been fixed in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable is called gs-gpl. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your ghostscript/gs-gpl packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-0583
CVE-2009-0584
DSA-1746-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):ghostscript
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • gs-gpl DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR gs-aladdin DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR gs DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR ghostscript-doc DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR gs-esp DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR gs-common DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libgs-dev DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR ghostscript-x DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR ghostscript DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR libgs8 DPKG is earlier than 8.62.dfsg.1-3.2lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND gs DPKG is earlier than 8.54.dfsg.1-5etch2
  • OR gs-gpl DPKG is earlier than 8.54.dfsg.1-5etch2
    • BACK