ghostscript security update

2017-08-24T01:37:17
ID CESA-2017:2180
Type centos
Reporter CentOS Project
Modified 2017-08-24T01:37:17

Description

CentOS Errata and Security Advisory CESA-2017:2180

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

  • A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process. (CVE-2017-7207)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004133.html

Affected packages: ghostscript ghostscript-cups ghostscript-devel ghostscript-doc ghostscript-gtk

Upstream details at: