Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144)
Critical Nessus Plugin ID 39562
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple security vulnerabilities has been identified and fixed in ghostscript :
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522).
Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library.
SolutionUpdate the affected packages.