Overview

File _patchinfo of Package patchinfo.5706

<patchinfo incident="5706">
  <issue id="1001951" tracker="bnc">VUL-0: EMU: CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979: ghostscript,ghostscript-library: getenv and filenameforall ignore -dSAFER, possible RCE</issue>
  <issue id="2016-7978" tracker="cve" />
  <issue id="2013-5653" tracker="cve" />
  <issue id="2016-7979" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>simotek</packager>
  <description>This update for ghostscript-library fixes the following issues:

- Multiple security vulnerabilities have been discovered where ghostscript's
  "-dsafer" flag did not provide sufficient protection against unintended
  access to the file system. Thus, a machine that would process a specially
  crafted Postscript file would potentially leak sensitive information to an
  attacker. (CVE-2013-5653, bsc#1001951)

- An incorrect reference count was found in .setdevice. This issue lead to a
  use-after-free scenario, which could have been exploited for
  denial-of-service or, possibly, arbitrary code execution attacks.
  (CVE-2016-7978, bsc#1001951)

- Insufficient validation of the type of input in .initialize_dsc_parser used
  to allow remote code execution. (CVE-2016-7979, bsc#1001951)

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for ghostscript-library</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places