| |||||||||||||||||||
Pardus alert 2010-101 (ghostscript)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-101 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-08-02 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= An error in the processing of PostScript files can be exploited to cause a memory corruption via recursive function calls and may allow execution of arbitrary code via a specially crafted PostScript file. Description =========== CVE-2010-1628: Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. Affected packages: Pardus 2009: ghostscript, all before 8.71-30-13 Resolution ========== There are update(s) for ghostscript. You can update them via Package Manager or with a single command from console: pisi up ghostscript References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=13137 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... * http://secunia.com/advisories/39753 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||