Security update for ghostscript-library
| Announcement ID: | SUSE-SU-2016:2492-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update for ghostscript-library fixes the following issues:
-
Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, bsc#1001951)
-
An incorrect reference count was found in .setdevice. This issue lead to a use-after-free scenario, which could have been exploited for denial-of-service or, possibly, arbitrary code execution attacks. (CVE-2016-7978, bsc#1001951)
-
Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1
zypper in -t patch SUSE-SLE-BSK-12-SP1-2016-1458=1 -
SUSE Linux Enterprise Desktop 12 SP1
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1458=1 -
SUSE Linux Enterprise Server for SAP Applications 12
zypper in -t patch SUSE-SLE-SAP-12-2016-1458=1 -
SUSE Linux Enterprise Software Development Kit 12 SP1
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1458=1 -
SUSE Linux Enterprise Server 12 LTSS 12
zypper in -t patch SUSE-SLE-SERVER-12-2016-1458=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1458=1 -
SUSE Linux Enterprise Server 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1458=1
Package List:
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1 (ppc64le s390x x86_64)
- ghostscript-mini-devel-9.15-11.1
- ghostscript-mini-9.15-11.1
- ghostscript-mini-debugsource-9.15-11.1
- ghostscript-mini-debuginfo-9.15-11.1
-
SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
- ghostscript-x11-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-x11-debuginfo-9.15-11.1
- ghostscript-9.15-11.1
- ghostscript-debugsource-9.15-11.1
-
SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
- ghostscript-x11-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-x11-debuginfo-9.15-11.1
- ghostscript-9.15-11.1
- ghostscript-debugsource-9.15-11.1
-
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
- ghostscript-devel-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-debugsource-9.15-11.1
-
SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
- ghostscript-x11-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-x11-debuginfo-9.15-11.1
- ghostscript-9.15-11.1
- ghostscript-debugsource-9.15-11.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
- ghostscript-x11-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-x11-debuginfo-9.15-11.1
- ghostscript-9.15-11.1
- ghostscript-debugsource-9.15-11.1
-
SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
- ghostscript-x11-9.15-11.1
- ghostscript-debuginfo-9.15-11.1
- ghostscript-x11-debuginfo-9.15-11.1
- ghostscript-9.15-11.1
- ghostscript-debugsource-9.15-11.1