ALAS-2012-042

Amazon Linux 1 Security Advisory: ALAS-2012-42
Advisory Release Date: 2012-02-08 13:46 Pacific
Advisory Updated Date: 2014-09-14 15:18 Pacific

Severity: Medium

References: CVE-2009-3743 CVE-2010-2055 CVE-2010-4054 CVE-2010-4820 RHSA-2012-0095
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2009-3743)

It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used (to prevent the current working directory being searched first). If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code. (CVE-2010-2055)

Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and PostScript Type 2 font files. An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054)

Affected Packages:

ghostscript

Issue Correction:
Run yum update ghostscript to update your system.

New Packages:

i686:
    ghostscript-doc-8.70-11.20.amzn1.i686
    ghostscript-debuginfo-8.70-11.20.amzn1.i686
    ghostscript-devel-8.70-11.20.amzn1.i686
    ghostscript-8.70-11.20.amzn1.i686

src:
    ghostscript-8.70-11.20.amzn1.src

x86_64:
    ghostscript-8.70-11.20.amzn1.x86_64
    ghostscript-devel-8.70-11.20.amzn1.x86_64
    ghostscript-doc-8.70-11.20.amzn1.x86_64
    ghostscript-debuginfo-8.70-11.20.amzn1.x86_64

Additional References

Red Hat: CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820

Mitre: CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820