Mandriva Linux Security Advisory : ghostscript (MDVSA-2010:136)
High Nessus Plugin ID 48194
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Multiple vulnerabilities have been found and corrected in ghostscript:
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name (CVE-2009-4897).
Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter (CVE-2010-1628).
As a precaution, ghostscript has been rebuilt to link against the system libpng library, which was fixed with MDVSA-2010:133.
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.