Update ghostscript to version 8.61.dfsg.1-1ubuntu3.2

Bug #352920 reported by Nicola Ferralis
252
Affects Status Importance Assigned to Milestone
The Dell Mini Project
Confirmed
Undecided
Unassigned

Bug Description

OpenSSL is currently in version 8.61.dfsg.1-1ubuntu3. in dell-mini-hardy. It should be update to version 8.61.dfsg.1-1ubuntu3.1 to fix several security vulnerabilities. Generic hardy has been already been patched.

ghostscript (8.61.dfsg.1-1ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution due to integer overflows and
    insufficient upper-bounds checks in the ICC library
    - debian/patches/32_CVE-2009-0583_0584.dpatch: fix multiple integer
      overflows and perform bounds checking in icclib/icc.c.
    - CVE-2009-0583
    - CVE-2009-0584

 -- Marc Deslauriers <email address hidden> Mon, 23 Mar 2009 07:46:37 -0400

Changed in dell-mini:
status: New → Confirmed
Revision history for this message
Nicola Ferralis (feranick) wrote :

New release in generic hardy fixes several other vulnerabilities

ghostscript (8.61.dfsg.1-1ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via buffer underflow in the CCITTFax decoding filter
    - debian/patches/33_CVE-2007-6725.dpatch: work around the buffer
      underflow in src/scfd.c.
    - CVE-2007-6725
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via BaseFont writer module
    - debian/patches/34_CVE-2008-6679.dpatch: increase size of buffer in
      src/gdevpdtb.c.
    - CVE-2008-6679
  * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
    dictionary segments
    - debian/patches/35_CVE-2009-0196.dpatch: validate size of runlength
      in export symbol table in jbig2dec/jbig2_symbol_dict.c.
    - CVE-2009-0196
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via integer overflows in icclib
    - debian/patches/36_CVE-2009-0792.dpatch: fix numerous overflows in
      icclib/icc.c.
    - CVE-2009-0792

 -- Marc Deslauriers <email address hidden> Thu, 09 Apr 2009 11:26:12 -0400

summary: - Update ghostscript to version 8.61.dfsg.1-1ubuntu3.1
+ Update ghostscript to version 8.61.dfsg.1-1ubuntu3.2
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.