Mandrake alert: Updated ghostscript packages fix vulnerability

Posted by dave on Jun 10, 2003 8:51 AM EDT
Mailing list
Mail this story
Print this story

A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory ________________________________________________________________________

Package name: ghostscript Advisory ID: MDKSA-2003:065 Date: June 10th, 2003

Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1 ________________________________________________________________________

Problem Description:

A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. ________________________________________________________________________

References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0354 http://www.ghostscript.com/pipermail/gs-cvs/2003-May/003276.html ________________________________________________________________________

Updated Packages: Corporate Server 2.1: aea19db660ed07ab74e7ca7b69cad216 corporate/2.1/RPMS/cups-drivers-1.1-84.3mdk.i586.rpm ccfec0900853fcdeaa2a1ec051310f2e corporate/2.1/RPMS/foomatic-2.0.2-20021220.2.3mdk.i586.rpm c179c1b205d1dbd529cf06326ceb3ec7 corporate/2.1/RPMS/ghostscript-7.05-33.3mdk.i586.rpm b9ab3bc8caf0a386242b399d6d56d4ac corporate/2.1/RPMS/ghostscript-module-X-7.05-33.3mdk.i586.rpm 5ece76a3b7a0cb5994976ea16df2bcd4 corporate/2.1/RPMS/libgimpprint1-4.2.5-0.2.3mdk.i586.rpm f9cdc11bfd3fe0e9171ef6d89998f7c7 corporate/2.1/RPMS/libgimpprint1-devel-4.2.5-0.2.3mdk.i586.rpm 0609ace94d1a39215dd3abd99a8c7e2c corporate/2.1/RPMS/printer-filters-1.0-84.3mdk.i586.rpm 5171fcbe0d917699832824beba8a878f corporate/2.1/RPMS/printer-testpages-1.0-84.3mdk.i586.rpm eb6578c57de83aab79d91dd318b96692 corporate/2.1/RPMS/printer-utils-1.0-84.3mdk.i586.rpm 49c2a573b772796b7d0cf3ac384dd747 corporate/2.1/RPMS/libijs0-0.34-24.3mdk.i586.rpm a82adb5008ac22c603dfbdc5777fc72b corporate/2.1/RPMS/libijs0-devel-0.34-24.3mdk.i586.rpm 447342be8d0ec6461aa39c7378054358 corporate/2.1/SRPMS/printer-drivers-1.0-84.3mdk.src.rpm

Mandrake Linux 8.2: 98a16a048eecdabd881dd4e3f1db2bc4 8.2/RPMS/cups-drivers-1.1-48.3mdk.i586.rpm 7c6a97a539f60bb994de6fc89584b111 8.2/RPMS/foomatic-1.1-0.20020323mdk.i586.rpm 4182e96ec07ba45755a9b7f5dbed9790 8.2/RPMS/ghostscript-6.53-13.3mdk.i586.rpm 7fc3901aa3bac77984ff4bbf477a55cd 8.2/RPMS/ghostscript-module-SVGALIB-6.53-13.3mdk.i586.rpm 8015c102df3ad06544c1ffea83212fd5 8.2/RPMS/ghostscript-module-X-6.53-13.3mdk.i586.rpm 68f9262a854e7c1191fd24353896d22c 8.2/RPMS/gimpprint-4.2.1-0.pre5.3mdk.i586.rpm 9a97abe1716d973fab426e512f02d678 8.2/RPMS/libgimpprint1-4.2.1-0.pre5.3mdk.i586.rpm 8362fbd5454fb23549989f76174eea91 8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.3mdk.i586.rpm c4d15ea95de55bb1c3eb095b0b4364da 8.2/RPMS/omni-0.6.0-2.3mdk.i586.rpm 2762ba487578cd4ba87e56a5f21dd29c 8.2/RPMS/printer-filters-1.0-48.3mdk.i586.rpm 75ae4ec0b70f3da9c67714dab1d4d54e 8.2/RPMS/printer-testpages-1.0-48.3mdk.i586.rpm 880d4397b61366a56f87dea7d15f9541 8.2/RPMS/printer-utils-1.0-48.3mdk.i586.rpm 04a4a67f87a04654aa93329379214317 8.2/SRPMS/printer-drivers-1.0-48.3mdk.src.rpm

Mandrake Linux 8.2/PPC: dd1b8b567f27c8bd0169d76511939740 ppc/8.2/RPMS/cups-drivers-1.1-48.3mdk.ppc.rpm d96230121989770b79399a7aad299834 ppc/8.2/RPMS/foomatic-1.1-0.20020323mdk.ppc.rpm a8f6787ef584c74f9cb1fe712c2daddb ppc/8.2/RPMS/ghostscript-6.53-13.3mdk.ppc.rpm 035faee6fa70cae5627a243cc13798b3 ppc/8.2/RPMS/ghostscript-module-X-6.53-13.3mdk.ppc.rpm 7080e346cefc8371aedee4a220c3e212 ppc/8.2/RPMS/gimpprint-4.2.1-0.pre5.3mdk.ppc.rpm 3c14663f32f7dba18cbaab06eb9056f6 ppc/8.2/RPMS/libgimpprint1-4.2.1-0.pre5.3mdk.ppc.rpm e813c250e8b0b79f0a9938d8fc2c5bf1 ppc/8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.3mdk.ppc.rpm 9fbbbba420a943cac659934dcfe651c9 ppc/8.2/RPMS/omni-0.6.0-2.3mdk.ppc.rpm 11fd25db09338592399afa9f87932e5e ppc/8.2/RPMS/printer-filters-1.0-48.3mdk.ppc.rpm 0480157848184ecd6f7c3949bf2b5384 ppc/8.2/RPMS/printer-testpages-1.0-48.3mdk.ppc.rpm 4b8d3bc5fce468495585eb00adbc3ae0 ppc/8.2/RPMS/printer-utils-1.0-48.3mdk.ppc.rpm 04a4a67f87a04654aa93329379214317 ppc/8.2/SRPMS/printer-drivers-1.0-48.3mdk.src.rpm

Mandrake Linux 9.0: aea19db660ed07ab74e7ca7b69cad216 9.0/RPMS/cups-drivers-1.1-84.3mdk.i586.rpm ccfec0900853fcdeaa2a1ec051310f2e 9.0/RPMS/foomatic-2.0.2-20021220.2.3mdk.i586.rpm c179c1b205d1dbd529cf06326ceb3ec7 9.0/RPMS/ghostscript-7.05-33.3mdk.i586.rpm b9ab3bc8caf0a386242b399d6d56d4ac 9.0/RPMS/ghostscript-module-X-7.05-33.3mdk.i586.rpm abbb928bf81434c41b049b42311d257a 9.0/RPMS/gimpprint-4.2.5-0.2.3mdk.i586.rpm 5ece76a3b7a0cb5994976ea16df2bcd4 9.0/RPMS/libgimpprint1-4.2.5-0.2.3mdk.i586.rpm f9cdc11bfd3fe0e9171ef6d89998f7c7 9.0/RPMS/libgimpprint1-devel-4.2.5-0.2.3mdk.i586.rpm d23c652296df1389ef1340ef19806fa0 9.0/RPMS/omni-0.7.1-11.3mdk.i586.rpm 0609ace94d1a39215dd3abd99a8c7e2c 9.0/RPMS/printer-filters-1.0-84.3mdk.i586.rpm 5171fcbe0d917699832824beba8a878f 9.0/RPMS/printer-testpages-1.0-84.3mdk.i586.rpm eb6578c57de83aab79d91dd318b96692 9.0/RPMS/printer-utils-1.0-84.3mdk.i586.rpm 49c2a573b772796b7d0cf3ac384dd747 9.0/RPMS/libijs0-0.34-24.3mdk.i586.rpm a82adb5008ac22c603dfbdc5777fc72b 9.0/RPMS/libijs0-devel-0.34-24.3mdk.i586.rpm 447342be8d0ec6461aa39c7378054358 9.0/SRPMS/printer-drivers-1.0-84.3mdk.src.rpm

Mandrake Linux 9.1: 2e5ec9285d93793c0e412cc76ea20741 9.1/RPMS/cups-drivers-1.1-104.2mdk.i586.rpm e42bcdcc18f1d85e454c43bd8a60189e 9.1/RPMS/foomatic-db-3.0-0.beta2.20030403.2.2mdk.i586.rpm 4363bc896edce1a64e7893418d73767d 9.1/RPMS/foomatic-db-engine-3.0-0.beta2.20030403.2.2mdk.i586.rpm 75349b84600abffb619fcd0736f75ad0 9.1/RPMS/foomatic-filters-3.0-0.beta2.20030403.2.2mdk.i586.rpm 36a6059da9cf971495e95e57075d1fff 9.1/RPMS/ghostscript-7.05-53.2mdk.i586.rpm c3130fdaee8f1350b6f3f0746449ce47 9.1/RPMS/ghostscript-module-X-7.05-53.2mdk.i586.rpm 6e79d0be3652c5cdd9a76adcf4aef5f0 9.1/RPMS/gimpprint-4.2.5-18.2mdk.i586.rpm 9343787de3c3f894f241ef2518647d41 9.1/RPMS/libgimpprint1-4.2.5-18.2mdk.i586.rpm 1b1bba4583a231931f40b754cbe57193 9.1/RPMS/libgimpprint1-devel-4.2.5-18.2mdk.i586.rpm 9b7e9483ce0c8a1f670cbc0ceb809eb1 9.1/RPMS/omni-0.7.2-20.2mdk.i586.rpm 440c1ad03b0a3d3533d0d41ac6d2b187 9.1/RPMS/printer-filters-1.0-104.2mdk.i586.rpm a09036facfee0b5ae198732e9d55eff9 9.1/RPMS/printer-testpages-1.0-104.2mdk.i586.rpm f97ec04ecfedb77dc388f3806487a9bc 9.1/RPMS/printer-utils-1.0-104.2mdk.i586.rpm 0cbc6f80a9cc340a5ad6f13e50d568d5 9.1/RPMS/libijs0-0.34-44.2mdk.i586.rpm aa4c279b848df5b6333f9e7e90ccf0a4 9.1/RPMS/libijs0-devel-0.34-44.2mdk.i586.rpm e467a44d0c5fa8fb41262eccb1928dd0 9.1/SRPMS/printer-drivers-1.0-104.2mdk.src.rpm

Mandrake Linux 9.1/PPC: 84fe4e8c1cbb4f437beca5b0902b55c5 ppc/9.1/RPMS/cups-drivers-1.1-104.2mdk.ppc.rpm 9a0730008855c362306b1053164a239a ppc/9.1/RPMS/foomatic-db-3.0-0.beta2.20030403.2.2mdk.ppc.rpm 1e2c8b9f1df1e307df95c00050a2fb0d ppc/9.1/RPMS/foomatic-db-engine-3.0-0.beta2.20030403.2.2mdk.ppc.rpm 492d63897e1f3f44b3a803c4c64b8563 ppc/9.1/RPMS/foomatic-filters-3.0-0.beta2.20030403.2.2mdk.ppc.rpm 1c7ba1c5cdcb9ab798fd6286f70d9206 ppc/9.1/RPMS/ghostscript-7.05-53.2mdk.ppc.rpm d99f72bc51a18db5e8cc4237f77c765d ppc/9.1/RPMS/ghostscript-module-X-7.05-53.2mdk.ppc.rpm dca9edeff21c9dbc7121a06f44dc0526 ppc/9.1/RPMS/gimpprint-4.2.5-18.2mdk.ppc.rpm 5485c5a1eaa3874884d389c301e2d0dc ppc/9.1/RPMS/libgimpprint1-4.2.5-18.2mdk.ppc.rpm 9dee2792793ecc7e0fe00ef2f47ce3cf ppc/9.1/RPMS/libgimpprint1-devel-4.2.5-18.2mdk.ppc.rpm 1ee916a0b562cb228e74b7f06dc53758 ppc/9.1/RPMS/omni-0.7.2-20.2mdk.ppc.rpm 3ac0740a8bcb31ea6daa374be3028d6a ppc/9.1/RPMS/printer-filters-1.0-104.2mdk.ppc.rpm 35eb41e3b6bdaa03b4d1e1e3398ff028 ppc/9.1/RPMS/printer-testpages-1.0-104.2mdk.ppc.rpm 5ed1e5905c9cc8a300daaab1d80763dc ppc/9.1/RPMS/printer-utils-1.0-104.2mdk.ppc.rpm 466ea6d76c1655ec6e93d75a003ff235 ppc/9.1/RPMS/libijs0-0.34-44.2mdk.ppc.rpm f13a3c6dc17eb6bfe32bf5c8a8021ad3 ppc/9.1/RPMS/libijs0-devel-0.34-44.2mdk.ppc.rpm e467a44d0c5fa8fb41262eccb1928dd0 ppc/9.1/SRPMS/printer-drivers-1.0-104.2mdk.src.rpm ________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig <filename>

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H 8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K +jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+ AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ 9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z 269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN 6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo 0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ EJGXlA== =yGlX - -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+5gwsmqjQ0CJFipgRAnI9AKDRYrdzcAV4MJ/Rd72Pm1q7eI1K7QCcD0mA sOjU47uU0AO07/b4VHffdxc= =hyWi -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.