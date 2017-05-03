SUSE Security Update: Security update for ghostscript-library

______________________________________________________________________________



Announcement ID: SUSE-SU-2017:1153-1

Rating: important

References: #1036453

Cross-References: CVE-2017-8291

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

______________________________________________________________________________



An update that fixes one vulnerability is now available.



Description:





This update for ghostscript fixes the following security vulnerability:



CVE-2017-8291: A remote command execution and a -dSAFER bypass via a

crafted .eps document were exploited in the wild. (bsc#1036453)





Patch Instructions:



To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:



- SUSE Linux Enterprise Software Development Kit 11-SP4:



zypper in -t patch sdksp4-ghostscript-library-13086=1



- SUSE Linux Enterprise Server 11-SP4:



zypper in -t patch slessp4-ghostscript-library-13086=1



- SUSE Linux Enterprise Debuginfo 11-SP4:



zypper in -t patch dbgsp4-ghostscript-library-13086=1



To bring your system up-to-date, use "zypper patch".





Package List:



- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64

s390x x86_64):



ghostscript-devel-8.62-32.44.1

ghostscript-ijs-devel-8.62-32.44.1

libgimpprint-devel-4.2.7-32.44.1



- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):



ghostscript-fonts-other-8.62-32.44.1

ghostscript-fonts-rus-8.62-32.44.1

ghostscript-fonts-std-8.62-32.44.1

ghostscript-library-8.62-32.44.1

ghostscript-omni-8.62-32.44.1

ghostscript-x11-8.62-32.44.1

libgimpprint-4.2.7-32.44.1



- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):



ghostscript-library-debuginfo-8.62-32.44.1

ghostscript-library-debugsource-8.62-32.44.1





References:



https://www.suse.com/security/cve/CVE-2017-8291.html

https://bugzilla.suse.com/1036453



--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org

For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

