Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora: 24 Ghostscript Update 2016-53e8aa35f6 Moderate Risk: RCE

fedora
Calendar Grey October 18, 2016
Dist Fedora Esm H88
Fedora 24 has released a Ghostscript security patch to fix several vulnerabilities. Make sure to apply the new update for enhanced protection.
This is a rebase of **ghostscript** package, to address several security issues: * [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor ...

Summary

Ghostscript is a set of software that provides a PostScript

interpreter, a set of C procedures (the Ghostscript library, which

implements the graphics capabilities in the PostScript language) and

an interpreter for Portable Document Format (PDF) files. Ghostscript

translates PostScript code into many common, bitmapped formats, like

those understood by your printer or screen. Ghostscript is normally

used to display PostScript files and to print PostScript files to

non-PostScript printers.

If you need to display PostScript files or print them to

non-PostScript printers, you should install ghostscript. If you

install ghostscript, you also need to install the ghostscript-fonts

package.

Update Information:

This is a rebase of **ghostscript** package, to address several security issues: * [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor -dSAFER* * [CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi?id=1380327) - *getenv and filenameforall ignore -dSAFER* * [CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi?id=1382294) - *various userparams allow %pipe% in paths, allowing remote shell* * [CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi?id=1382300) - *reference leak in .setdevice allows use-after-free and remote code* * [CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi?id=1382305) - *Type confusion in .initialize_dsc_parser allows remote code execution* ----------- #### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS: **ghostscript** has been rebased to latest upstream version (9.20). Rebase notes: * **no API/ABI changes between versions 9.16 -> 9.20 according to upstream** * *OpenJPEG* support has bee...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security issue software update Fedora remote code execution ghostscript

Change Log

References


[ 1 ] Bug #1380415 - CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER https://bugzilla.redhat.com/show_bug.cgi?id=1380415 [ 2 ] Bug #1380327 - CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER https://bugzilla.redhat.com/show_bug.cgi?id=1380327 [ 3 ] Bug #1382294 - CVE-2016-7976 ghostscript: various userparams allow %pipe% in paths, allowing remote shell https://bugzilla.redhat.com/show_bug.cgi?id=1382294 [ 4 ] Bug #1382300 - CVE-2016-7978 ghostscript: reference leak in .setdevice allows use-after-free and remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1382300 [ 5 ] Bug #1382305 - CVE-2016-7979 ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1382305

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ghostscript' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: ghostscript
Product: Fedora 24
Version: 9.20
Release: 2.fc24
URL: https://www.ghostscript.com/
Summary: A PostScript interpreter and renderer

Topics%20covered

Topics Covered

security advisory moderate security issue software update Fedora remote code execution ghostscript

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here