SUSE-SU-2017:1138-1
Vulnerability Summary
Timeline
Description
Security update for ghostscript This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)
Affected Systems
- suse•ghostscript&distro=SUSE Linux Enterprise Desktop 12 SP1
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Desktop 12 SP2
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Server 12 SP1
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Server 12 SP2
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 9.15-20.1
- suse•ghostscript&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 9.15-20.1
References (11)
- https://www.suse.com/support/update/announcement/2017/suse-su-20171138-1/
- https://bugzilla.suse.com/1018128
- https://bugzilla.suse.com/1030263
- https://bugzilla.suse.com/1032114
- https://bugzilla.suse.com/1032120
- https://bugzilla.suse.com/1036453
- https://www.suse.com/security/cve/CVE-2016-10220
- https://www.suse.com/security/cve/CVE-2016-9601
- https://www.suse.com/security/cve/CVE-2017-5951
- https://www.suse.com/security/cve/CVE-2017-7207
- https://www.suse.com/security/cve/CVE-2017-8291