DSA-2093-1 ghostscript -- severalID: oval:org.secpod.oval:def:600066 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4897 It was discovered a buffer overflow that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document containing a long name. CVE-2010-1628 Dan Rosenberg discovered that ghostscript incorrectly handled certain recursive Postscript files. An attacker could execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. For the stable distribution , these problems have been fixed in version 8.62.dfsg.1-3.2lenny5 For the testing distribution and the unstable distribution , these problems have been fixed in version 8.71~dfsg2-4 We recommend that you upgrade your ghostscript package.