AmazonALAS-2012-042Medium: ghostscript
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.044 Low
EPSS
Percentile
92.4%
Issue Overview:
An integer overflow flaw was found in Ghostscript’s TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2009-3743)
It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the “-I” option, or the “-P-” option was used (to prevent the current working directory being searched first). If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code. (CVE-2010-2055)
Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the “-P-” option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)
Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the “-P” option (to always search the current working directory first).
A flaw was found in the way Ghostscript interpreted PostScript Type 1 and PostScript Type 2 font files. An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054)
Affected Packages:
ghostscript
Issue Correction:
Run yum update ghostscript to update your system.
New Packages:
i686:
ghostscript-doc-8.70-11.20.amzn1.i686
ghostscript-debuginfo-8.70-11.20.amzn1.i686
ghostscript-devel-8.70-11.20.amzn1.i686
ghostscript-8.70-11.20.amzn1.i686
src:
ghostscript-8.70-11.20.amzn1.src
x86_64:
ghostscript-8.70-11.20.amzn1.x86_64
ghostscript-devel-8.70-11.20.amzn1.x86_64
ghostscript-doc-8.70-11.20.amzn1.x86_64
ghostscript-debuginfo-8.70-11.20.amzn1.x86_64
Additional References
Red Hat: CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820
Mitre: CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | ghostscript-doc | < 8.70-11.20.amzn1 | ghostscript-doc-8.70-11.20.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ghostscript-debuginfo | < 8.70-11.20.amzn1 | ghostscript-debuginfo-8.70-11.20.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ghostscript-devel | < 8.70-11.20.amzn1 | ghostscript-devel-8.70-11.20.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ghostscript | < 8.70-11.20.amzn1 | ghostscript-8.70-11.20.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | ghostscript | < 8.70-11.20.amzn1 | ghostscript-8.70-11.20.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ghostscript-devel | < 8.70-11.20.amzn1 | ghostscript-devel-8.70-11.20.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ghostscript-doc | < 8.70-11.20.amzn1 | ghostscript-doc-8.70-11.20.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ghostscript-debuginfo | < 8.70-11.20.amzn1 | ghostscript-debuginfo-8.70-11.20.amzn1.x86_64.rpm |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.044 Low
EPSS
Percentile
92.4%