Synopsis
Moderate: ghostscript security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Moderate: ghostscript security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Ghostscript could be made to crash, run programs, or disclose sensitive
information if it processed a specially crafted file ...
Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may lead to the execution of arbitrary
code or information disclosure if a specially crafted PostScript file is
processed.
For the stable distribution (jessie), these problems have been fixed in
version 9.06~dfsg-2+deb8u3.
We recommend that you upgrade ...
It was found that the ghostscript functions getenv, filenameforall and libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted PostScript document could read environment variables, list directories and retrieve file content, respectively, from the target (CVE-2 ...
Debian Bug report logs -
#839846
ghostscript: CVE-2016-7979: type confusion in initialize_dsc_parser allows remote code execution
Package:
src:ghostscript;
Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 5 Oct ...
Debian Bug report logs -
#839841
ghostscript: CVE-2016-7977: libfile doesn't check PermitFileReading array, allowing remote file disclosure
Package:
ghostscript;
Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon)
Reported by: ...
Debian Bug report logs -
#839845
ghostscript: CVE-2016-7978: reference leak in setdevice allows use-after-free and remote code execution
Package:
src:ghostscript;
Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, ...
Debian Bug report logs -
#839260
ghostscript: CVE-2016-7976: various userparams allow %pipe% in paths, allowing remote shell command execution
Package:
ghostscript;
Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon)
Reported b ...
Debian Bug report logs -
#839118
ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER
Package:
ghostscript;
Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon)
Reported by: Florian Weimer <fw@deneb.enyo.de> ...
Debian Bug report logs -
#840451
ghostscript: CVE-2016-8602
Package:
src:ghostscript;
Maintainer for src:ghostscript is Debian Printing Team <debian-printing@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 11 Oct 2016 17:21:02 UTC
Severity: grave
Tags: patch, security, upstream
Fo ...
It was found that the ghostscript function initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted PostScript document could cause a crash or code execution in the context of the gs process ...