Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Ghostscript
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Ghostscript
ID: USN-3403-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04
Datum: Mo, 28. August 2017, 23:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9726

Originalnachricht


--===============5582012077423950897==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-LafBw/UgCE8K7r5vz63P"


--=-LafBw/UgCE8K7r5vz63P
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-3403-1
August 28, 2017

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

Kamil Frankowicz discovered that Ghostscript mishandles references.
A remote attacker could use this to cause a denial of service.
(CVE-2017-11714)

Kim Gwan Yeong discovered that Ghostscript could allow a heap-based
buffer over-read and application crash. A remote attacker could use a
crafted document to cause a denial of service. (CVE-2017-9611, 
CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)

Kim Gwan Yeong discovered an use-after-free vulnerability in
Ghostscript. A remote attacker could use a crafted file to cause a
denial of service. (CVE-2017-9612)

Kim Gwan Yeong discovered a lack of integer overflow check in
Ghostscript. A remote attacker could use crafted PostScript document to
cause a denial of service. (CVE-2017-9835)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  ghostscript                     9.19~dfsg+1-0ubuntu7.6
  ghostscript-x                   9.19~dfsg+1-0ubuntu7.6
  libgs9                          9.19~dfsg+1-0ubuntu7.6
  libgs9-common                   9.19~dfsg+1-0ubuntu7.6

Ubuntu 16.04 LTS:
  ghostscript                     9.18~dfsg~0-0ubuntu2.7
  ghostscript-x                   9.18~dfsg~0-0ubuntu2.7
  libgs9                          9.18~dfsg~0-0ubuntu2.7
  libgs9-common                   9.18~dfsg~0-0ubuntu2.7

Ubuntu 14.04 LTS:
  ghostscript                     9.10~dfsg-0ubuntu10.10
  ghostscript-x                   9.10~dfsg-0ubuntu10.10
  libgs9                          9.10~dfsg-0ubuntu10.10
  libgs9-common                   9.10~dfsg-0ubuntu10.10

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3403-1
  CVE-2017-11714, CVE-2017-9611, CVE-2017-9612, CVE-2017-9726,
  CVE-2017-9727, CVE-2017-9739, CVE-2017-9835

Package Information:
  https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu7.6
  https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.7
  https://launchpad.net/ubuntu/+source/ghostscript/9.10~dfsg-0ubuntu10.10
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung