ghostscript-8.70-21.AXS4.1

エラータID: AXSA:2017-1219:01

Release date: 
Wednesday, January 4, 2017 - 17:32
Subject: 
ghostscript-8.70-21.AXS4.1
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Ghostscript is a set of software that provides a PostScript
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. Ghostscript
translates PostScript code into many common, bitmapped formats, like
those understood by your printer or screen. Ghostscript is normally
used to display PostScript files and to print PostScript files to
non-PostScript printers.

If you need to display PostScript files or print them to
non-PostScript printers, you should install ghostscript. If you
install ghostscript, you also need to install the ghostscript-fonts
package.

Security issues fixed with this release:

CVE-2013-5653
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7977
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7979
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8602
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2013-5653
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
CVE-2016-7977
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2016-7979
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-8602
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
Additional Info: 

N/A

Download: 

SRPMS
  1. ghostscript-8.70-21.AXS4.1.src.rpm
    MD5: b5e34ccf6ac78889b9a2a784df804f78
    SHA-256: 82a0837fee73d96f8d5d09cfcb93dbef0cc09f5367113b17784a9dfbb4a3de55
    Size: 12.19 MB

Asianux Server 4 for x86
  1. ghostscript-8.70-21.AXS4.1.i686.rpm
    MD5: 428d07d7b892461a3f119764b8d2a17f
    SHA-256: 5ab02a14c8c80fd6ae9da427cf6bce6d8fc157538dc0e5efdb677294fd03707e
    Size: 4.45 MB

Asianux Server 4 for x86_64
  1. ghostscript-8.70-21.AXS4.1.x86_64.rpm
    MD5: 16004046d000da0599398608290a9bb9
    SHA-256: 23a5c21ab422374bda1a85e2e1ec6fdf13830d0ff4442f8a57c442f546407719
    Size: 4.42 MB
  2. ghostscript-8.70-21.AXS4.1.i686.rpm
    MD5: 428d07d7b892461a3f119764b8d2a17f
    SHA-256: 5ab02a14c8c80fd6ae9da427cf6bce6d8fc157538dc0e5efdb677294fd03707e
    Size: 4.45 MB