| Revision Date: | 2017-05-24 | Version: | 1 |
| Title: | Security update for ghostscript (Important) |
| Description: |
This update for ghostscript fixes the following security vulnerabilities:
- CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)
This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1018128
1030263
1032114
1032120
1036453
CVE-2016-10220
CVE-2016-9601
CVE-2017-5951
CVE-2017-7207
CVE-2017-8291
SUSE-SU-2017:1404-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information
ghostscript-9.15-22.1 is installed
OR ghostscript-x11-9.15-22.1 is installed
|