ghostscript-9.07-20.el7.1

エラータID: AXSA:2017-1218:01

Release date: 
Wednesday, January 4, 2017 - 17:23
Subject: 
ghostscript-9.07-20.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Ghostscript is a set of software that provides a PostScript
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. Ghostscript
translates PostScript code into many common, bitmapped formats, like
those understood by your printer or screen. Ghostscript is normally
used to display PostScript files and to print PostScript files to
non-PostScript printers.

If you need to display PostScript files or print them to
non-PostScript printers, you should install ghostscript. If you
install ghostscript, you also need to install the ghostscript-fonts
package.

Security issues fixed with this release:

CVE-2013-5653
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7977
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7978
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7979
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8602
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2013-5653
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVE-2016-7977
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2016-7978
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-7979
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-8602
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
Additional Info: 

N/A

Download: 

SRPMS
  1. ghostscript-9.07-20.el7.1.src.rpm
    MD5: 5f9bf5262e8e78a412619d4d8c9a1bdc
    SHA-256: 35996f9c4e92fcd5adc1e1b64ff127d0bfbe6523d6fdc45008ae5f0eb1dc5ce2
    Size: 26.57 MB

Asianux Server 7 for x86_64
  1. ghostscript-9.07-20.el7.1.x86_64.rpm
    MD5: eb5a732132306d0a50790537aa74ddb1
    SHA-256: 9f00e1a7dd42401bf6bb79080ee2a42e89ff27f8d499d19cbc534a135b26dcaf
    Size: 4.31 MB
  2. ghostscript-cups-9.07-20.el7.1.x86_64.rpm
    MD5: 7c76019a5726750831dd471d95a3c203
    SHA-256: 798a5121d7dec1b13c268030458fe102ec69881959d453eaae5fc9a02e3ff5d4
    Size: 54.42 kB
  3. ghostscript-9.07-20.el7.1.i686.rpm
    MD5: 4aa826d3e745719e03e931ac4cd0130b
    SHA-256: 290c905a566ff4fa44054a36c59a256dd217f90e9c426db66bfa56f5dc78085a
    Size: 4.30 MB