Advisories » MGASA-2017-0355

Updated ghostscript packages fix security vulnerabilities

Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9611 , CVE-2017-9612 , CVE-2017-9726 , CVE-2017-9727 , CVE-2017-9739 , CVE-2017-9835 , CVE-2017-11714

Description

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS
9.21 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9611)

The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS
9.21 allows remote attackers to cause a denial of service
(use-after-free and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9612)

The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS
9.21 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9726)

The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document. (CVE-2017-9727)

The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS
9.21 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9739)

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript
9.21 allows remote attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted PostScript document. This is related to a
lack of an integer overflow check in base/gsalloc.c. (CVE-2017-9835)

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the
scanner state structure, which allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other impact
via a crafted PostScript document, related to an out-of-bounds read in
the igc_reloc_struct_ptr function in psi/igc.c. (CVE-2017-11714)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21630
• https://usn.ubuntu.com/usn/usn-3403-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9611
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9612
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9726
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9727
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9739
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9835
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11714

SRPMS

5/core

• ghostscript-9.20-1.1.mga5

6/core

• ghostscript-9.20-3.1.mga6