| |||||||||||||||||||
Mageia alert MGASA-2012-0301 (ghostscript)
MGASA-2012-0301 Date: October 20th, 2012 Affected releases: 1, 2 Description: Updated ghostscript packages fix security vulnerability: An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The argyllcms and icclib packages in Mageia 2 are also affected by this flaw and have been updated as well. There are known file conflicts between argyllcms and icclib which will be fixed in a separate update. See bug 5897 for further details. Updated Packages: Mageia 1: ghostscript-9.04-1.1.mga1 ghostscript-common-9.04-1.1.mga1 ghostscript-doc-9.04-1.1.mga1 ghostscript-dvipdf-9.04-1.1.mga1 ghostscript-module-X-9.04-1.1.mga1 ghostscript-X-9.04-1.1.mga1 lib(64)gs9-9.04-1.1.mga1 lib(64)gs9-devel-9.04-1.1.mga1 lib(64)ijs1-0.35-81.1.mga1 lib(64)ijs1-devel-0.35-81.1.mga1 Mageia 2: argyllcms-1.4.0-1.1.mga2 ghostscript-9.05-2.1.mga2 ghostscript-common-9.05-2.1.mga2 ghostscript-doc-9.05-2.1.mga2 ghostscript-dvipdf-9.05-2.1.mga2 ghostscript-module-X-9.05-2.1.mga2 ghostscript-X-9.05-2.1.mga2 icclib-2.13-1.1.mga2 lib(64)gs9-9.05-2.1.mga2 lib(64)gs9-devel-9.05-2.1.mga2 lib(64)ijs1-0.35-86.1.mga2 lib(64)ijs1-devel-0.35-86.1.mga2 lib(64)icc2-2.13-1.1.mga2 lib(64)icc-devel-2.13-1.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405 http://www.mandriva.com/en/support/security/advisories/?d... https://bugs.mageia.org/show_bug.cgi?id=7464 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||