ghostscript-9.07-20.el7.1
エラータID: AXSA:2017-1218:01
Ghostscript is a set of software that provides a PostScript
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. Ghostscript
translates PostScript code into many common, bitmapped formats, like
those understood by your printer or screen. Ghostscript is normally
used to display PostScript files and to print PostScript files to
non-PostScript printers.
If you need to display PostScript files or print them to
non-PostScript printers, you should install ghostscript. If you
install ghostscript, you also need to install the ghostscript-fonts
package.
Security issues fixed with this release:
CVE-2013-5653
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7977
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7978
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7979
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8602
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
N/A
SRPMS
- ghostscript-9.07-20.el7.1.src.rpm
MD5: 5f9bf5262e8e78a412619d4d8c9a1bdc
SHA-256: 35996f9c4e92fcd5adc1e1b64ff127d0bfbe6523d6fdc45008ae5f0eb1dc5ce2
Size: 26.57 MB
Asianux Server 7 for x86_64
- ghostscript-9.07-20.el7.1.x86_64.rpm
MD5: eb5a732132306d0a50790537aa74ddb1
SHA-256: 9f00e1a7dd42401bf6bb79080ee2a42e89ff27f8d499d19cbc534a135b26dcaf
Size: 4.31 MB - ghostscript-cups-9.07-20.el7.1.x86_64.rpm
MD5: 7c76019a5726750831dd471d95a3c203
SHA-256: 798a5121d7dec1b13c268030458fe102ec69881959d453eaae5fc9a02e3ff5d4
Size: 54.42 kB - ghostscript-9.07-20.el7.1.i686.rpm
MD5: 4aa826d3e745719e03e931ac4cd0130b
SHA-256: 290c905a566ff4fa44054a36c59a256dd217f90e9c426db66bfa56f5dc78085a
Size: 4.30 MB