ALAS-2012-042


Amazon Linux AMI Security Advisory: ALAS-2012-42
Advisory Release Date: 2014-09-14 15:18 Pacific
Severity: Medium

Issue Overview:

An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2009-3743 )

It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used (to prevent the current working directory being searched first). If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code. (CVE-2010-2055 )

Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820 )

Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and PostScript Type 2 font files. An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054 )


Affected Packages:

ghostscript


Issue Correction:
Run yum update ghostscript to update your system.

New Packages:
i686:
    ghostscript-doc-8.70-11.20.amzn1.i686
    ghostscript-debuginfo-8.70-11.20.amzn1.i686
    ghostscript-devel-8.70-11.20.amzn1.i686
    ghostscript-8.70-11.20.amzn1.i686

src:
    ghostscript-8.70-11.20.amzn1.src

x86_64:
    ghostscript-8.70-11.20.amzn1.x86_64
    ghostscript-devel-8.70-11.20.amzn1.x86_64
    ghostscript-doc-8.70-11.20.amzn1.x86_64
    ghostscript-debuginfo-8.70-11.20.amzn1.x86_64