SUSE-SU-2016:2493-1

UNKNOWN

Security update for ghostscript-library

Published Oct 11, 2016

Modified 9 years ago

Fix available

Details

This update for ghostscript-library fixes the following issues:

Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951)
Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)
An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342)

Affected Packages

ghostscript-fonts-other

SUSE Linux Enterprise Point of Sale 11 SP3SUSE Linux Enterprise Server 11 SP2-LTSSSUSE Linux Enterprise Server 11 SP3-LTSSSUSE Linux Enterprise Server 11 SP3-TERADATASUSE Linux Enterprise Server 11 SP4

Fixed in:

8.62-32.38.1

ghostscript-fonts-rus

Fixed in:

8.62-32.38.1

ghostscript-fonts-std

Fixed in:

8.62-32.38.1

ghostscript-library

Fixed in:

8.62-32.38.1

ghostscript-omni