[ubuntu/trusty-security] ghostscript 9.10~dfsg-0ubuntu10.7 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri Apr 28 05:12:03 UTC 2017


ghostscript (9.10~dfsg-0ubuntu10.7) trusty-security; urgency=medium

  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207

Date: 2017-04-28 02:24:55.929716+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.10~dfsg-0ubuntu10.7
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list