[ubuntu/zesty-security] ghostscript 9.19~dfsg+1-0ubuntu7.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri Apr 28 05:12:00 UTC 2017


ghostscript (9.19~dfsg+1-0ubuntu7.2) zesty-security; urgency=medium

  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Dont create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207

Date: 2017-04-28 00:57:13.546290+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu7.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Zesty-changes mailing list