Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

openSUSE 42.1/42.2: 2017:1203-1 Important Ghostscript Patch

opensuse
Calendar Grey May 8, 2017
Dist Opensuse Esm H88
Ghostscript's latest update tackles critical security vulnerabilities, vital for openSUSE users. Take action to safeguard your system effectively
An update that fixes 5 vulnerabilities is now available

Description

This update for ghostscript fixes the following security vulnerabilities:

CVE-2017-8291: A remote command execution and a -dSAFER bypass via a

crafted .eps document were exploited in the wild. (bsc#1036453)

CVE-2016-9601: An integer overflow in the bundled jbig2dec library could

have been misused to cause a Denial-of-Service. (bsc#1018128)

CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module

allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)

CVE-2017-5951: A NULL pointer dereference allowed remote attackers to

cause a denial of service via a crafted PostScript document. (bsc#1032114)

CVE-2017-7207: A NULL pointer dereference allowed remote attackers to

cause a denial of service via a crafted PostScript document. (bsc#1030263)

This update was imported from the SUSE:SLE-12:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-558=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-558=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

ghostscript-9.15-11.3.1

ghostscript-debuginfo-9.15-11.3.1

ghostscript-debugsource-9.15-11.3.1

ghostscript-devel-9.15-11.3.1

ghostscript-mini-9.15-11.3.1

ghostscript-mini-debuginfo-9.15-11.3.1

ghostscript-mini-debugsource-9.15-11.3.1

ghostscript-mini-devel-9.15-11.3.1

ghostscript-x11-9.15-11.3.1

ghostscript-x11-debuginfo-9.15-11.3.1

- openSUSE Leap 42.1 (i586 x86_64):

ghostscript-9.15-17.1

ghostscript-debuginfo-9.15-17.1

ghostscript-debugsource-9.15-17.1

ghostscript-devel-9.15-17.1

ghostscript-mini-9.15-17.1

ghostscript-mini-debuginfo-9.15-17.1

ghostscript-mini-debugsource-9.15-17.1

ghostscript-mini-devel-9.15-17.1

ghostscript-x11-9.15-17.1

ghostscript-x11-debuginfo-9.15-17.1

References

https://www.suse.com/security/cve/CVE-2016-10220.html

https://www.suse.com/security/cve/CVE-2016-9601.html

https://www.suse.com/security/cve/CVE-2017-5951.html

https://www.suse.com/security/cve/CVE-2017-7207.html

https://www.suse.com/security/cve/CVE-2017-8291.html

https://bugzilla.suse.com/1018128

https://bugzilla.suse.com/1030263

https://bugzilla.suse.com/1032114

https://bugzilla.suse.com/1032120

https://bugzilla.suse.com/1036453

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1203-1
Rating: important
Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.