Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that Ghostscript did not correctly handle memory
allocation when parsing certain malformed JPEG-2000 images. If a user
or automated system were tricked into opening a specially crafted
image, an attacker could cause a denial of service and possibly
execute arbitrary code with user privileges. (CVE-2008-3520)

It was discovered that Ghostscript did not correctly handle certain
formatting operations when parsing JPEG-2000 images. If a user or
automated system were tricked into opening a specially crafted image,
an attacker could cause a denial of service and possibly execute
arbitrary code with user privileges. (CVE-2008-3522)

It was discovered that Ghostscript incorrectly handled certain
malformed TrueType fonts. If a user or automated system were tricked
into opening a document containing a specially crafted font, an
attacker could cause a denial of service and possibly execute
arbitrary code with user privileges. This issue only affected Ubuntu
8.04 LTS. (CVE-2009-3743)

It was discovered that Ghostscript incorrectly handled certain
malformed Type 2 fonts. If a user or automated system were tricked
into opening a document containing a specially crafted font, an
attacker could cause a denial of service and possibly execute
arbitrary code with user privileges. This issue only affected Ubuntu
8.04 LTS. (CVE-2010-4054)

Jonathan Foote discovered that Ghostscript incorrectly handled certain
malformed JPEG-2000 image files. If a user or automated system were
tricked into opening a specially crafted JPEG-2000 image file, an
attacker could cause Ghostscript to crash or possibly execute
arbitrary code with user privileges. (CVE-2011-4516, CVE-2011-4517).

Solution :

Update the affected libgs8 package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 57436 ()

Bugtraq ID: 31470
42640
43932
50992

CVE ID: CVE-2008-3520
CVE-2008-3522
CVE-2009-3743
CVE-2010-4054
CVE-2011-4516
CVE-2011-4517