Security update for ghostscript-library (important)

2016-10-11T18:09:48
ID SUSE-SU-2016:2493-1
Type suse
Reporter Suse
Modified 2016-10-11T18:09:48

Description

This update for ghostscript-library fixes the following issues:

  • Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951)

  • Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)

  • An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342)