You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ghostscript

Sigurnosni nedostaci programskog paketa ghostscript

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3403-1
August 28, 2017

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
– ghostscript: PostScript and PDF interpreter

Details:

Kamil Frankowicz discovered that Ghostscript mishandles references.
A remote attacker could use this to cause a denial of service.
(CVE-2017-11714)

Kim Gwan Yeong discovered that Ghostscript could allow a heap-based
buffer over-read and application crash. A remote attacker could use a
crafted document to cause a denial of service. (CVE-2017-9611, 
CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)

Kim Gwan Yeong discovered an use-after-free vulnerability in
Ghostscript. A remote attacker could use a crafted file to cause a
denial of service. (CVE-2017-9612)

Kim Gwan Yeong discovered a lack of integer overflow check in
Ghostscript. A remote attacker could use crafted PostScript document to
cause a denial of service. (CVE-2017-9835)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  ghostscript                     9.19~dfsg+1-0ubuntu7.6
  ghostscript-x                   9.19~dfsg+1-0ubuntu7.6
  libgs9                          9.19~dfsg+1-0ubuntu7.6
  libgs9-common                   9.19~dfsg+1-0ubuntu7.6

Ubuntu 16.04 LTS:
  ghostscript                     9.18~dfsg~0-0ubuntu2.7
  ghostscript-x                   9.18~dfsg~0-0ubuntu2.7
  libgs9                          9.18~dfsg~0-0ubuntu2.7
  libgs9-common                   9.18~dfsg~0-0ubuntu2.7

Ubuntu 14.04 LTS:
  ghostscript                     9.10~dfsg-0ubuntu10.10
  ghostscript-x                   9.10~dfsg-0ubuntu10.10
  libgs9                          9.10~dfsg-0ubuntu10.10
  libgs9-common                   9.10~dfsg-0ubuntu10.10

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3403-1
  CVE-2017-11714, CVE-2017-9611, CVE-2017-9612, CVE-2017-9726,
  CVE-2017-9727, CVE-2017-9739, CVE-2017-9835

Package Information:
  https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu7.6
  https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.7
  https://launchpad.net/ubuntu/+source/ghostscript/9.10~dfsg-0ubuntu10.10
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZpF0DAAoJEEW851uECx9pB04P/3cxqS61iCK5JMEte81F7TKM
hxx71/NsXXxLi/avGOF+fH+MV6IJwcT0vNlLmiuyaYeYtTNzAMBxR7T3H8oRo2iA
u6QHIRImrGErC2op1QD3ctIn2+Sv6mFGrelZwswsEiYKkFIa0JL+5cJzokltQw30
nBEPQc0Ees/xVCYHenv6KlB8Jo9W9e8qE9COVN7pxp3RbBEOtUiIhiNc7DXmk2/i
kALxbdKWd9egmaI/X/fbCsxT7WdUTM+fAbc4jvZYMmazoSIcM//2kAsECd3MprbD
Uvxwj031rQR5NhXt6E4M8WIWk5DJyL0DJCC4PuEa7Fc2RbPpjrizfWB+KNkYZu7R
dzYfVWhT20FXDTtG0AwAbDUTY9yD8zmIaBlVpiKAjOyYuQwd/+Bd0w81BBFjIOQo
nitPe13mmB7cjVNa3o4RwLSDOxeUnF0kpZtrNDwiTmpaRr7jF9fVcyBWanTemktC
hg/YjUVZj6zwmsizFmcu/A0LNzeZGKJ7wxiacRg5eTgNq1Y3Ap40lri7C0FclLpo
//AW3PrCEAwbeo8eoL+qtgyd80sMkPrN9BHK9W8y5mGOC5k0YFDGiSdi4O5IGoQ9
Gale4/5B7W2K/3O0QCFom5RVZV56qRh7crutcPyvm9QFMIzpMPdV/nSu9Vtiy32e
QqK0YpYbnXjc/QWx5ItC
=nchi
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa krb5

Otkriven je sigurnosni nedostatak u programskom paketu krb5 za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....

Close