Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 27: Low-Impact Ghostscript Security Update for Poppler-Data

fedora
Calendar Grey November 15, 2017
Dist Fedora Esm H88
Fedora announces a security patch for Poppler, targeting minor vulnerabilities while enhancing user performance and stability.
Latest release of `Ghostscript` (version `9.22`) fixes several *low-impact* security issues, as it provides regular quality improvements & fixes as well.

Summary

This package consists of encoding files for poppler. When installed,

the encoding files enables poppler to correctly render CJK and Cyrillic

properly.

Latest release of `Ghostscript` (version `9.22`) fixes several *low-impact*

security issues, as it provides regular quality improvements & fixes as well.

[ 1 ] Bug #1433159 - ghostscript-9.22 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1433159

[ 2 ] Bug #1491191 - ghostscript 9.20 (gs bug number 697846) causes pstoedit to fail, breaking textext in inkscape

https://bugzilla.redhat.com/show_bug.cgi?id=1491191

[ 3 ] Bug #1476193 - CVE-2017-11714 ghostscript: Out of bounds read in igc_reloc_struct_ptr() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1476193

[ 4 ] Bug #1475838 - CVE-2017-9610 CVE-2017-9611 CVE-2017-9612 CVE-2017-9618 CVE-2017-9619 CVE-2017-9620 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9740 CVE-2017-9835 ghostscript: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1475838

[ 5 ] Bug #1456729 - CVE-2017-9216 ghostscript: jbig2dec: Null pointer dereference in jbig2_huffman_get() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1456729

[ 6 ] Bug #1451250 - CVE-2017-8908 ghostscript: Out-of-bounds read in mark_line_tr function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1451250

[ 7 ] Bug #1444945 - CVE-2017-7948 ghostscript: Integer overflow in the mark_curve function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1444945

[ 8 ] Bug #1427442 - CVE-2017-6196 ghostscript: Multiple use-after-free vulnerabilities in gx_image_enum_begin function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1427442

su -c 'dnf upgrade poppler-data' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora ghostscript encoding files low-impact fixes

Change Log

References

Update Instructions

Severity
low
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 0.4.8
Release: 3.fc27
URL: http://poppler.freedesktop.org/
Summary: Encoding files

Topics%20covered

Topics Covered

security advisory fedora ghostscript encoding files low-impact fixes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here