Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Ghostscript.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
Kamil Frankowicz discovered that Ghostscript mishandles references.
A remote attacker could use this to cause a denial of service.
(CVE-2017-11714)
Kim Gwan Yeong discovered that Ghostscript could allow a heap-based
buffer over-read and application crash. A remote attacker could use a
crafted document to cause a denial of service. (CVE-2017-9611,
CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)
Kim Gwan Yeong discovered an use-after-free vulnerability in
Ghostscript. A remote attacker could use a crafted file to cause a
denial of service. (CVE-2017-9612)
Kim Gwan Yeong discovered a lack of integer overflow check in
Ghostscript. A remote attacker could use crafted PostScript document to
cause a denial of service. (CVE-2017-9835)
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: ghostscript 9.19~dfsg+1-0ubuntu7.6 ghostscript-x 9.19~dfsg+1-0ubuntu7.6 libgs9 9.19~dfsg+1-0ubuntu7.6 libgs9-common 9.19~dfsg+1-0ubuntu7.6 Ubuntu 16.04 LTS: ghostscript 9.18~dfsg~0-0ubuntu2.7 ghostscript-x 9.18~dfsg~0-0ubuntu2.7 libgs9 9.18~dfsg~0-0ubuntu2.7 libgs9-common 9.18~dfsg~0-0ubuntu2.7 Ubuntu 14.04 LTS: ghostscript 9.10~dfsg-0ubuntu10.10 ghostscript-x 9.10~dfsg-0ubuntu10.10 libgs9 9.10~dfsg-0ubuntu10.10 libgs9-common 9.10~dfsg-0ubuntu10.10 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3403-1
CVE-2017-11714, CVE-2017-9611, CVE-2017-9612, CVE-2017-9726,
CVE-2017-9727, CVE-2017-9739, CVE-2017-9835
Get the latest Linux and open source security news straight to your inbox.