View Full Version : USN-501-2: Ghostscript vulnerability

October 23rd, 2007, 03:50 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-501-2 October 22, 2007 ghostscript, gs-gpl vulnerability CVE-2007-2721 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: gs-gpl 8.50-1.1ubuntu1.1 Ubuntu 7.04: gs-gpl 8.54.dfsg.1-5ubuntu0.1 Ubuntu 7.10: libgs8 8.61.dfsg.1~svn8187-0ubuntu3.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. Original advisory details: It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.

More... (http://www.ubuntu.com/usn/usn-501-2)