USN-3148-1: Ghostscript vulnerabilities Ubuntu Security Notice USN-3148-1 1st December, 2016 ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file. Software description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscriptprocesses certain Postscript files. If a user or automated system were trickedinto opening a specially crafted file, an attacker could cause a denial ofservice or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978,CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in Ghostscript related to informationdisclosure. If a user or automated system were tricked into opening a speciallycrafted file, an attacker could expose sensitive data. (CVE-2013-5653,CVE-2016-7977) Update instructions The problem can be corrected [ more… ]