
USN-3272-2: Ghostscript regression
Ubuntu Security Notice USN-3272-2
16th May, 2017

ghostscript regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary

USN-3272-1 introduced a regression in Ghostscript.

Software description

ghostscript – PostScript and PDF interpreter

Details

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker …