oem-qa team mailing list archive
Message #00099
[Bug 352920] Re: Update ghostscript to version 8.61.dfsg.1-1ubuntu3.1
New release in generic hardy fixes several other vulnerabilities
ghostscript (8.61.dfsg.1-1ubuntu3.2) hardy-security; urgency=low
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via buffer underflow in the CCITTFax decoding filter
    - debian/patches/33_CVE-2007-6725.dpatch: work around the buffer
      underflow in src/scfd.c.
    - CVE-2007-6725
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via BaseFont writer module
    - debian/patches/34_CVE-2008-6679.dpatch: increase size of buffer in
      src/gdevpdtb.c.
    - CVE-2008-6679
  * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
    dictionary segments
    - debian/patches/35_CVE-2009-0196.dpatch: validate size of runlength
      in export symbol table in jbig2dec/jbig2_symbol_dict.c.
    - CVE-2009-0196
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via integer overflows in icclib
    - debian/patches/36_CVE-2009-0792.dpatch: fix numerous overflows in
      icclib/icc.c.
    - CVE-2009-0792
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Thu, 09 Apr 2009 11:26:12 -0400
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6725
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-6679
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0196
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0792
** Summary changed:
- Update ghostscript to version 8.61.dfsg.1-1ubuntu3.1
+ Update ghostscript to version 8.61.dfsg.1-1ubuntu3.2
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0583
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0584
--
Update ghostscript to version 8.61.dfsg.1-1ubuntu3.2
https://bugs.launchpad.net/bugs/352920
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.
Status in Dell Inspiron Mini with Custom Dell UI: Confirmed
Bug description:
OpenSSL is currently in version 8.61.dfsg.1-1ubuntu3 in dell-mini-hardy. It should be updated to version 8.61.dfsg.1-1ubuntu3.1 to fix several security vulnerabilities. Generic hardy has already been patched.
ghostscript (8.61.dfsg.1-1ubuntu3.1) hardy-security; urgency=low
  * SECURITY UPDATE: Arbitrary code execution due to integer overflows and
    insufficient upper-bounds checks in the ICC library
    - debian/patches/32_CVE-2009-0583_0584.dpatch: fix multiple integer
      overflows and perform bounds checking in icclib/icc.c.
    - CVE-2009-0583
    - CVE-2009-0584
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Mon, 23 Mar 2009 07:46:37 -0400