Oval Definition: oval:com.redhat.rhsa:def:20170013
Revision Date: 2017-01-04
Version: 638
Title: RHSA-2017:0013: ghostscript security update (Moderate)
Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

  • It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted PostScript document could read environment variables, list directories and retrieve file content, respectively, from the target. (CVE-2013-5653, CVE-2016-7977)

  • It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted PostScript document could trigger code execution in the context of the gs process. (CVE-2016-7978)

  • It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted PostScript document could cause a crash or code execution in the context of the gs process. (CVE-2016-7979)

  • It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted PostScript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)

Family: unix
Class: patch
Status:
Reference(s): CVE-2013-5653, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602, RHSA-2017:0013, RHSA-2017:0013-00, RHSA-2017:0013-01
Platform(s): Red Hat Enterprise Linux 7
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • ghostscript is earlier than 0:9.07-20.el7_3.1
  • AND ghostscript is signed with Red Hat redhatrelease2 key
  • ghostscript-cups is earlier than 0:9.07-20.el7_3.1
  • AND ghostscript-cups is signed with Red Hat redhatrelease2 key
  • ghostscript-devel is earlier than 0:9.07-20.el7_3.1
  • AND ghostscript-devel is signed with Red Hat redhatrelease2 key
  • ghostscript-doc is earlier than 0:9.07-20.el7_3.1
  • AND ghostscript-doc is signed with Red Hat redhatrelease2 key
  • ghostscript-gtk is earlier than 0:9.07-20.el7_3.1
  • AND ghostscript-gtk is signed with Red Hat redhatrelease2 key