Detections
Analytics
Debian DSA-1746-1 : ghostscript - several vulnerabilities
high Nessus Plugin ID 35968
Synopsis
The remote Debian host is missing a security-related update.Description
Two security issues have been discovered in ghostscript, the GPL Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2009-0583 Jan Lieskovsky discovered multiple integer overflows in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images.
- CVE-2009-0584 Jan Lieskovsky discovered insufficient upper-bounds checks on certain variable sizes in the ICC library, which allow the execution of arbitrary code via crafted ICC profiles in PostScript files with embedded images.
Solution
Upgrade the ghostscript/gs-gpl packages.For the stable distribution (lenny), these problems have been fixed in version 8.62.dfsg.1-3.2lenny1.
For the oldstable distribution (etch), these problems have been fixed in version 8.54.dfsg.1-5etch2. Please note that the package in oldstable is called gs-gpl.
See Also
https://security-tracker.debian.org/tracker/CVE-2009-0583
Plugin Details
Severity: High
ID: 35968
File Name: debian_DSA-1746.nasl
Version: 1.17
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/20/2009
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:ghostscript, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 3/20/2009
Reference Information
CVE: CVE-2009-0583, CVE-2009-0584
BID: 34184