Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Fedora 24 Ghostscript Update 2017-5136456ce3 Critical: Buffer Overflow

fedora
Calendar Grey January 29, 2017
Scroller Fedora
Essential Ghostscript patch released for Fedora 24 rectifying heap-buffer overflow vulnerabilities and licensing concerns. Discover further details now!
This is a security update for these CVEs: * [CVE-2016-9601](https://bugzilla.redhat.com/show_bug.cgi?id=1410021) - *Heap- buffer overflow in jbig2_image_new function* This update a...

Summary

Ghostscript is a set of software that provides a PostScript

interpreter, a set of C procedures (the Ghostscript library, which

implements the graphics capabilities in the PostScript language) and

an interpreter for Portable Document Format (PDF) files. Ghostscript

translates PostScript code into many common, bitmapped formats, like

those understood by your printer or screen. Ghostscript is normally

used to display PostScript files and to print PostScript files to

non-PostScript printers.

If you need to display PostScript files or print them to

non-PostScript printers, you should install ghostscript. If you

install ghostscript, you also need to install the ghostscript-fonts

package.

Update Information:

This is a security update for these CVEs: * [CVE-2016-9601](https://bugzilla.redhat.com/show_bug.cgi?id=1410021) - *Heap- buffer overflow in jbig2_image_new function* This update also solves possible licensing issues with ghostscritpt's source code.

Change Log

References


[ 1 ] Bug #1410022 - CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1410022 [ 2 ] Bug #1404933 - ghostscript and non-free UTF code. https://bugzilla.redhat.com/show_bug.cgi?id=1404933

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ghostscript' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ghostscript
Product: Fedora 24
Version: 9.20
Release: 6.fc24
Summary: A PostScript interpreter and renderer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.