Updated ghostscript packages fix security vulnerabilities
Publication date: 05 Oct 2017Modification date: 05 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9611 , CVE-2017-9612 , CVE-2017-9726 , CVE-2017-9727 , CVE-2017-9739 , CVE-2017-9835 , CVE-2017-11714
Description
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9611) The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9612) The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9726) The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9727) The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9739) The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. (CVE-2017-9835) psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. (CVE-2017-11714)
References
- https://bugs.mageia.org/show_bug.cgi?id=21630
- https://usn.ubuntu.com/usn/usn-3403-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9612
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9726
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9835
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11714
SRPMS
5/core
- ghostscript-9.20-1.1.mga5
6/core
- ghostscript-9.20-3.1.mga6