From Mageia wiki
Revision as of 15:08, 20 October 2012 by Tmb (talk | contribs)

MGASA-2012-0301

Date: October 20th, 2012
Affected releases: 1, 2


Description:
Updated ghostscript packages fix a security vulnerability:

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in Ghostscript's International Color Consortium Format library
(icclib). An attacker could create a specially-crafted PostScript or
PDF file with embedded images that would cause Ghostscript to crash
or, potentially, execute arbitrary code with the privileges of the
user running Ghostscript (CVE-2012-4405).

The argyllcms and icclib packages in Mageia 2 are also affected by this
flaw and have been updated as well.

There are known file conflicts between argyllcms and icclib which will be
fixed in a separate update. See bug 5897 for further details.


Updated Packages:
Mageia 1:
ghostscript-9.04-1.1.mga1
ghostscript-common-9.04-1.1.mga1
ghostscript-doc-9.04-1.1.mga1
ghostscript-dvipdf-9.04-1.1.mga1
ghostscript-module-X-9.04-1.1.mga1
ghostscript-X-9.04-1.1.mga1
lib(64)gs9-9.04-1.1.mga1
lib(64)gs9-devel-9.04-1.1.mga1
lib(64)ijs1-0.35-81.1.mga1
lib(64)ijs1-devel-0.35-81.1.mga1

Mageia 2:
argyllcms-1.4.0-1.1.mga2
ghostscript-9.05-2.1.mga2
ghostscript-common-9.05-2.1.mga2
ghostscript-doc-9.05-2.1.mga2
ghostscript-dvipdf-9.05-2.1.mga2
ghostscript-module-X-9.05-2.1.mga2
ghostscript-X-9.05-2.1.mga2
icclib-2.13-1.1.mga2
lib(64)gs9-9.05-2.1.mga2
lib(64)gs9-devel-9.05-2.1.mga2
lib(64)ijs1-0.35-86.1.mga2
lib(64)ijs1-devel-0.35-86.1.mga2
lib(64)icc2-2.13-1.1.mga2
lib(64)icc-devel-2.13-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:151-1
https://bugs.mageia.org/show_bug.cgi?id=7464