[SECURITY] [DLA 674-1] ghostscript security update

Package : ghostscript Version : 9.05dfsg-6.3+deb7u3 CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 Debian Bug : 839118 839260 839841 839845 839846 840451 Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which...

Debian DLA-674-2 : ghostscript regression update

The update for ghostscript issued as DLA-674-1 caused regressions for certain Postscript document viewers evince, zathura. Updated packages are now available to address this problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in Ghostscript, the GPL...

DLA-674-1 ghostscript - security update

Bulletin has no description...

openSUSE Security Update : ghostscript-library (openSUSE-2016-1207)

This update for ghostscript-library fixes the following issues : - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted...

openSUSE: Security Advisory for ghostscript-library (openSUSE-SU-2016:2574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-7979

It was found that the ghostscript function .initializedscparser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process...

CVE-2016-7978

It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process...

Security update for ghostscript-library (important)

This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted...

[SECURITY] Fedora 23 Update: ghostscript-9.20-2.fc23

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

Fedora 23 : ghostscript (2016-1c13825502)

This is a rebase of ghostscript package, to address several security issues : - CVE-2016-7977 - .libfile does not honor -dSAFER - CVE-2013-5653 - getenv and filenameforall ignore -dSAFER - CVE-2016-7976 - various userparams allow %pipe% in paths, allowing remote shell - CVE-2016-7978 - reference...

Fedora 24 : ghostscript (2016-53e8aa35f6)

This is a rebase of ghostscript package, to address several security issues : - CVE-2016-7977 - .libfile does not honor -dSAFER - CVE-2013-5653 - getenv and filenameforall ignore -dSAFER - CVE-2016-7976 - various userparams allow %pipe% in paths, allowing remote shell - CVE-2016-7978 - reference...

[SECURITY] Fedora 24 Update: ghostscript-9.20-2.fc24

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

[SECURITY] Fedora 25 Update: ghostscript-9.20-2.fc25

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

Ghostscript Memory Corruption Vulnerability

Ghostscript is a set of Adobe-based, PostScript and portable document format PDF page description language and compiled into the free software. A memory corruption vulnerability exists in Ghostscript, which can be exploited to cause remote code execution...

Ghostscript Remote File Disclosure Vulnerability

Ghostscript is a set of Adobe-based, PostScript and portable document format PDF page description language and compiled into the free software. A remote file disclosure vulnerability exists in Ghostscript due to an unchecked PermitFileReading array, which can be exploited to cause remote file...

Ghostscript Remote Command Execution Vulnerability

Ghostscript is a set of Adobe-based, PostScript and portable document format PDF page description language and compiled into the free software. A remote command execution vulnerability exists in Ghostscript that could allow a remote attacker to execute arbitrary code within the context of the...

Ghostscript Remote Code Execution Vulnerability

Ghostscript is a set of Adobe-based, PostScript and portable document format PDF page description language and compiled into the free software. A remote code execution vulnerability exists in Ghostscript, which can be exploited by an attacker to execute arbitrary code...

CVE-2016-8602

It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process...

Debian DSA-3691-1 : ghostscript - security update

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

[SECURITY] [DSA 3691-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3691-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 12, 2016 https://www.debian.org/security/faq -...