Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Fedora 25 Ghostscript Security Advisory: CVE-2016-8602 & CVE-2016-7977

fedora
Calendar Grey November 19, 2016
Scroller Fedora Esm H88
Fedora 25 announces crucial Ghostscript security patch, resolving severe vulnerabilities and defending against potential cyber threats.
This is a security update for these CVEs: * [CVE-2016-8602](https://bugzilla.redhat.com/show_bug.cgi?id=1383940) - *check for sufficient params in .sethalftone5* * [CVE-2016-7977](...

Summary

Ghostscript is a set of software that provides a PostScript

interpreter, a set of C procedures (the Ghostscript library, which

implements the graphics capabilities in the PostScript language) and

an interpreter for Portable Document Format (PDF) files. Ghostscript

translates PostScript code into many common, bitmapped formats, like

those understood by your printer or screen. Ghostscript is normally

used to display PostScript files and to print PostScript files to

non-PostScript printers.

If you need to display PostScript files or print them to

non-PostScript printers, you should install ghostscript. If you

install ghostscript, you also need to install the ghostscript-fonts

package.

Update Information:

This is a security update for these CVEs: * [CVE-2016-8602](https://bugzilla.redhat.com/show_bug.cgi?id=1383940) - *check for sufficient params in .sethalftone5* * [CVE-2016-7977](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor -dSAFER* [This CVE is now correctly fixed, previous release was accidentally missing the fix.]

Change Log

References


[ 1 ] Bug #1383941 - CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383941 [ 2 ] Bug #1380416 - ghostscript: .libfile does not honor -dSAFER [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1380416

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ghostscript' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ghostscript
Product: Fedora 25
Version: 9.20
Release: 4.fc25
Summary: A PostScript interpreter and renderer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.