Updated ghostscript packages fix security vulnerabilities
Publication date: 29 Nov 2017Modification date: 29 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6196 , CVE-2017-7948 , CVE-2017-8908 , CVE-2017-9216 , CVE-2017-9610 , CVE-2017-9618 , CVE-2017-9619 , CVE-2017-9620 , CVE-2017-9740
Description
Multiple use-after-free vulnerabilities in the gx_image_enum_begin
function in base/gxipixel.c in Ghostscript before
ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a crafted PostScript document. (CVE-2017-6196)
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
write and application crash) or possibly have unspecified other impact
via a crafted PostScript document. (CVE-2017-7948)
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted PostScript document. (CVE-2017-8908)
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
(CVE-2017-9216)
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document. (CVE-2017-9610)
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9618)
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (Segmentation Violation and application crash) via a crafted
file. (CVE-2017-9619)
The xps_select_font_encoding function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document, related to the
xps_encode_font_char_imp function. (CVE-2017-9620)
The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document. (CVE-2017-9740)
References
- https://bugs.mageia.org/show_bug.cgi?id=22052
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2QUCMGMEGU4TK3I5424ZFZYFJHEQRF4P/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6196
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7948
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8908
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9610
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9618
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9620
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9740
SRPMS
5/core
- ghostscript-9.22-1.mga5
6/core
- ghostscript-9.22-1.mga6