File _patchinfo of Package patchinfo.4816

<patchinfo incident="4816">
  <issue id="1032120" tracker="bnc">VUL-1: CVE-2016-10220: ghostscript: The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 al...</issue>
  <issue id="1032114" tracker="bnc">VUL-1: CVE-2017-5951: ghostscript: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 all...</issue>
  <issue id="1018128" tracker="bnc">VUL-1: CVE-2016-9601: ghostscript,ghostscript-library,jbig2dec: Heap-buffer overflow due to Integer overflow in jbig2_image_new function</issue>
  <issue id="1030263" tracker="bnc">VUL-1: CVE-2017-7207: ghostscript, ghostscript-library: The mem_get_bits_rectangle function allows remote attackers to cause a denial of service</issue>
  <issue id="1036453" tracker="bnc">EMU: VUL-0: CVE-2017-8291: ghostscript,ghostscript-library: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via a "/Ou...</issue>
  <issue id="2017-5951" tracker="cve" />
  <issue id="2016-10220" tracker="cve" />
  <issue id="2017-7207" tracker="cve" />
  <issue id="2017-8291" tracker="cve" />
  <issue id="2016-9601" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update for ghostscript fixes the following security vulnerabilities:

- CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were
  exploited in the wild. (bsc#1036453)
- CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause
  a Denial-of-Service. (bsc#1018128)
- CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers
  to cause a Denial-of-Service. (bsc#1032120)
- CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service
  via a crafted PostScript document. (bsc#1032114)
- CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service
  via a crafted PostScript document. (bsc#1030263)

This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages.

</description>
  <summary>Security update for ghostscript</summary>
</patchinfo>