Description
ELSA-2012-0095: ghostscript security update (MODERATE)
[8.70-11:.6]
- Applied upstream fix to last patch (CVE-2010-4054, bug #646086).
[8.70-11:.5]
- Applied patch to prevent null pointer dereference (CVE-2010-4054, bug #646086).
[8.70-11:.4]
- Don't ship patch backup files for CVE-2010-2055.
[8.70-11:.3]
- Applied patch to prevent integer underflow in TrueType bytecode interpreter (CVE-2009-3743, bug #627902).
- Applied patch to avoid reading initialization files from CWD (CVE-2010-2055, bug #599564).
Updated packages
Oracle Linux 6
Oracle Linux x86_64
ghostscript 8.70-11.el6_2.6
ghostscript-devel 8.70-11.el6_2.6
ghostscript-doc 8.70-11.el6_2.6
ghostscript-gtk 8.70-11.el6_2.6
Oracle Linux i686
ghostscript 8.70-11.el6_2.6
ghostscript-devel 8.70-11.el6_2.6
ghostscript-doc 8.70-11.el6_2.6
ghostscript-gtk 8.70-11.el6_2.6
Oracle Linux 5
Oracle Linux ia64
ghostscript 8.70-6.el5_7.6
ghostscript-devel 8.70-6.el5_7.6
ghostscript-gtk 8.70-6.el5_7.6
Oracle Linux x86_64
ghostscript 8.70-6.el5_7.6
ghostscript-devel 8.70-6.el5_7.6
ghostscript-gtk 8.70-6.el5_7.6
Oracle Linux i386
ghostscript 8.70-6.el5_7.6
ghostscript-devel 8.70-6.el5_7.6
ghostscript-gtk 8.70-6.el5_7.6
Related CVEs
Related vulnerabilities
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a heap-based buffer overflow.