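Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities

Published: 2009-03-19
Updated: 2009-03-20

Affected systems:
Ghostscript Ghostscript 8.x
Ghostscript Ghostscript 7.x
Description:
BUGTRAQ ID: 34184
CVE(CAN) ID: CVE-2009-0583, CVE-2009-0584

Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers.

The International Color Consortium format library (icclib) in Ghostscript contains multiple integer overflows that can lead to heap overflows, as well as multiple insufficient input validation errors. An attacker can use a specially crafted ICC profile to create a malicious PostScript or PDF file with embedded images; if a victim opens the file, Ghostscript crashes or executes arbitrary code.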
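
An illustration of the bug class described above, added here and not taken from icclib or from the vendor patches: an ICC profile has a 128-byte header followed by a 32-bit tag count and 12-byte tag entries, and the code contrasts a size calculation that wraps with bounds checks that cannot. The function names and the 160-byte sample profile are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICC_HEADER_LEN 128u /* fixed-size ICC profile header */
#define ICC_TAG_ENTRY   12u /* signature, offset, size: 4 bytes each */

/* ICC profiles store integers big-endian. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Unsafe pattern: the 32-bit product wraps for large counts, so a buffer
 * sized from it is far smaller than a loop over `count` entries expects. */
uint32_t tag_table_bytes_unchecked(uint32_t count) {
    return count * ICC_TAG_ENTRY;
}

/* Hardened check: 0 if the tag table and every tag's data lie inside
 * buf[0..len), -1 otherwise. No multiplication or addition can wrap. */
int icc_validate_tag_table(const unsigned char *buf, size_t len) {
    if (len < ICC_HEADER_LEN + 4u) return -1;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    if (count > (len - (ICC_HEADER_LEN + 4u)) / ICC_TAG_ENTRY) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const unsigned char *e = buf + ICC_HEADER_LEN + 4u + (size_t)i * ICC_TAG_ENTRY;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off > len || size > len - off) return -1; /* not off + size > len */
    }
    return 0;
}

/* Constructed 160-byte sample: zeroed header, declared tag count, one
 * 'desc' tag entry with the given offset and size. */
int check_sample(uint32_t count, uint32_t off, uint32_t size) {
    unsigned char b[160];
    memset(b, 0, sizeof b);
    put32(b + 128, count);
    memcpy(b + 132, "desc", 4);
    put32(b + 136, off);
    put32(b + 140, size);
    return icc_validate_tag_table(b, sizeof b);
}
```

The validator divides the remaining length by the entry size and compares each tag size against `len - off`, so neither the table size nor `off + size` is ever computed in a form that can wrap.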

<*Source: Jan Lieskovsky (jlieskov@redhat.com)
  
  Links: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=487742
        https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=487744
        http://secunia.com/advisories/34393/
        http://secunia.com/advisories/34373/
        https://www.redhat.com/support/errata/RHSA-2009-0345.html
        http://www.debian.org/security/2009/dsa-1746
*>

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1746-1) and corresponding patches for this issue:
DSA-1746-1: New ghostscript packages fix arbitrary code execution
Link: http://www.debian.org/security/2009/dsa-1746

Patch downloads:

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


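Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade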

RedHat
------
RedHat has released a security advisory (RHSA-2009:0345-01) and corresponding patches for this issue:
RHSA-2009:0345-01: Moderate: ghostscript security update
Link: https://www.redhat.com/support/errata/RHSA-2009-0345.html

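This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.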