|
Sicherheit: Mehrere Probleme in Ghostscript
|Name:
|Mehrere Probleme in Ghostscript
|ID:
|SUSE-SU-2017:1138-1
|Distribution:
|SUSE
|Plattformen:
|SUSE Linux Enterprise Desktop 12-SP1, SUSE Linux Enterprise Software Development Kit 12-SP1, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Software Development Kit 12-SP2, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
|Datum:
|Sa, 29. April 2017, 00:16
|Referenzen:
|
Originalnachricht
|
SUSE Security Update: Security update for ghostscript
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1138-1
Rating: important
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for ghostscript fixes the following security vulnerabilities:
CVE-2017-8291: A remote command execution and a -dSAFER bypass via a
crafted .eps document were exploited in the wild. (bsc#1036453)
CVE-2016-9601: An integer overflow in the bundled jbig2dec library could
have been misused to cause a Denial-of-Service. (bsc#1018128)
CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module
allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
CVE-2017-5951: A NULL pointer dereference allowed remote attackers to
cause a denial of service via a crafted PostScript document. (bsc#1032114)
CVE-2017-7207: A NULL pointer dereference allowed remote attackers to
cause a denial of service via a crafted PostScript document. (bsc#1030263)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-659=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-659=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-659=1
To bring your system up-to-date, use "zypper patch".
|
|