ID de Prueba:	1.3.6.1.4.1.25623.1.0.67676
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:134 (ghostscript)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ghostscript announced via advisory MDVSA-2010:134. Multiple vulnerabilities has been found and corrected in ghostscript: Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver (CVE-2009-4270). Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter (CVE-2010-1628). As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133 Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:134 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4270 37410 http://www.securityfocus.com/bid/37410 37851 http://secunia.com/advisories/37851 40580 http://secunia.com/advisories/40580 61140 http://osvdb.org/61140 ADV-2009-3597 http://www.vupen.com/english/advisories/2009/3597 GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml MDVSA-2010:134 http://www.mandriva.com/security/advisories?name=MDVSA-2010:134 MDVSA-2010:135 http://www.mandriva.com/security/advisories?name=MDVSA-2010:135 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html USN-961-1 http://www.ubuntu.com/usn/USN-961-1 [oss-security] 20091217 possible vulnerability in ghostscript >= 8.64 http://www.openwall.com/lists/oss-security/2009/12/18/1 [oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64 http://www.openwall.com/lists/oss-security/2009/12/18/2 http://bugs.ghostscript.com/show_bug.cgi?id=690829 https://bugzilla.redhat.com/show_bug.cgi?id=540760 Common Vulnerability Exposure (CVE) ID: CVE-2010-1628 20100511 Multiple memory corruption vulnerabilities in Ghostscript http://seclists.org/fulldisclosure/2010/May/134 20100512 Multiple memory corruption vulnerabilities in Ghostscript http://www.securityfocus.com/archive/1/511243/100/0/threaded 39753 http://secunia.com/advisories/39753 40107 http://www.securityfocus.com/bid/40107 ADV-2010-1138 http://www.vupen.com/english/advisories/2010/1138 [oss-security] 20100511 Re: CVE assignment: ghostscript stack-based overflow http://www.openwall.com/lists/oss-security/2010/05/12/1 [oss-security] 20100518 Re: CVE assignment: ghostscript stack-based overflow http://www.openwall.com/lists/oss-security/2010/05/18/7 http://bugs.ghostscript.com/show_bug.cgi?id=691295 https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.