Site icon 지락문화예술공작단

USN-3272-1: Ghostscript vulnerabilities

USN-3272-1: Ghostscript vulnerabilities

Ubuntu Security Notice USN-3272-1

28th April, 2017

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Summary

Several security issues were fixed in Ghostscript.

Software description

Details

It was discovered that Ghostscript improperly handled parameters to
the rsdparams and eqproc commands. An attacker could use these to
craft a malicious document that could disable -dSAFER protections,
thereby allowing the execution of arbitrary code, or cause a denial
of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the
color management module of Ghostscript. An attacker could use this
to cause a denial of service (application crash). (CVE-2016-10217)

Kamil Frankowicz discovered a divide-by-zero error in the scan
conversion code in Ghostscript. An attacker could use this to cause
a denial of service (application crash). (CVE-2016-10219)

Kamil Frankowicz discovered multiple NULL pointer dereference errors in
Ghostscript. An attacker could use these to cause a denial of service
(application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
ghostscript-x

9.19~dfsg+1-0ubuntu7.2
ghostscript

9.19~dfsg+1-0ubuntu7.2
libgs9

9.19~dfsg+1-0ubuntu7.2
libgs9-common

9.19~dfsg+1-0ubuntu7.2
Ubuntu 16.10:
ghostscript-x

9.19~dfsg+1-0ubuntu6.4
ghostscript

9.19~dfsg+1-0ubuntu6.4
libgs9

9.19~dfsg+1-0ubuntu6.4
libgs9-common

9.19~dfsg+1-0ubuntu6.4
Ubuntu 16.04 LTS:
ghostscript-x

9.18~dfsg~0-0ubuntu2.4
ghostscript

9.18~dfsg~0-0ubuntu2.4
libgs9

9.18~dfsg~0-0ubuntu2.4
libgs9-common

9.18~dfsg~0-0ubuntu2.4
Ubuntu 14.04 LTS:
ghostscript-x

9.10~dfsg-0ubuntu10.7
ghostscript

9.10~dfsg-0ubuntu10.7
libgs9

9.10~dfsg-0ubuntu10.7
libgs9-common

9.10~dfsg-0ubuntu10.7
Ubuntu 12.04 LTS:
ghostscript-x

9.05~dfsg-0ubuntu4.5
ghostscript

9.05~dfsg-0ubuntu4.5
libgs9

9.05~dfsg-0ubuntu4.5
libgs9-common

9.05~dfsg-0ubuntu4.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-10217,

CVE-2016-10219,

CVE-2016-10220,

CVE-2017-5951,

CVE-2017-7207,

CVE-2017-8291

Source: USN-3272-1: Ghostscript vulnerabilities

Exit mobile version