Описание
Security update for ghostscript
This update for ghostscript fixes the following security vulnerabilities:
- CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)
- CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)
- CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
- CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)
- CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)
This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages.
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
Ссылки
- Link for SUSE-SU-2017:1404-1
- E-Mail link for SUSE-SU-2017:1404-1
- SUSE Security Ratings
- SUSE Bug 1018128
- SUSE Bug 1030263
- SUSE Bug 1032114
- SUSE Bug 1032120
- SUSE Bug 1036453
- SUSE CVE CVE-2016-10220 page
- SUSE CVE CVE-2016-9601 page
- SUSE CVE CVE-2017-5951 page
- SUSE CVE CVE-2017-7207 page
- SUSE CVE CVE-2017-8291 page
Описание
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
Затронутые продукты
Ссылки
- CVE-2016-10220
- SUSE Bug 1032120
- SUSE Bug 1036453
Описание
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Затронутые продукты
Ссылки
- CVE-2016-9601
- SUSE Bug 1018128
- SUSE Bug 1036453
Описание
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-5951
- SUSE Bug 1032114
- SUSE Bug 1036453
Описание
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
Затронутые продукты
Ссылки
- CVE-2017-7207
- SUSE Bug 1030263
- SUSE Bug 1036453
Описание
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Затронутые продукты
Ссылки
- CVE-2017-8291
- SUSE Bug 1036453