DSA-3838

http://www.ghostscript.com/cgi-bin/findgit.cgi?309eca4e0a31ea70dcc844812691439312dad091

96995

1039071

RHSA-2017:2180

https://bugs.ghostscript.com/show_bug.cgi?id=697676

GLSA-201708-06

This update for ghostscript-library fixes several issues. These security issues were fixed :

  - CVE-2017-7207: The mem_get_bits_rectangle function     allowed remote attackers to cause a denial of service     (NULL pointer dereference) via a crafted PostScript     document (bsc#1030263).

  - CVE-2016-9601: Prevent heap-buffer overflow by checking     for an integer overflow in jbig2_image_new function     (bsc#1018128).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891)

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889)

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888)

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887)

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184)

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879)

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138)

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for ghostscript is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es) :

* A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process.
(CVE-2017-7207)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Security Fix(es) :

  - A NULL pointer dereference flaw was found in     ghostscript's mem_get_bits_rectangle function. A     specially crafted postscript document could cause a     crash in the context of the gs process. (CVE-2017-7207)

The remote host is affected by the vulnerability described in GLSA-201708-06 (GPL Ghostscript: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please       review the CVE identifiers referenced below for additional information.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted PostScript file or PDF document using GPL Ghostscript possibly       resulting in the execution of arbitrary code with the privileges of the       process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

From Red Hat Security Advisory 2017:2180 :

An update for ghostscript is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es) :

* A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process.
(CVE-2017-7207)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The mem_get_bits_rectangle function in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (NULL pointer dereference)     via a crafted PostScript document.(CVE-2017-7207)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues were found in Ghostscript, the GPL PostScript/PDF interpreter, which allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

For Debian 7 'Wheezy', these problems have been fixed in version 9.05~dfsg-6.3+deb7u7.

We recommend that you upgrade your ghostscript packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for [CVE-2017-7207](https://bugzilla.redhat.com/show_bug.cgi?id=1434353).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes the following security vulnerabilities :

  - CVE-2017-8291: A remote command execution and a -dSAFER     bypass via a crafted .eps document were exploited in the     wild. (bsc#1036453)

  - CVE-2016-9601: An integer overflow in the bundled     jbig2dec library could have been misused to cause a     Denial-of-Service. (bsc#1018128)

  - CVE-2016-10220: A NULL pointer dereference in the PDF     Transparency module allowed remote attackers to cause a     Denial-of-Service. (bsc#1032120)

  - CVE-2017-5951: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1032114)

  - CVE-2017-7207: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1030263) This is a reissue of     the previous update to also include SUSE Linux     Enterprise 12 GA LTSS packages.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem.

We apologize for the inconvenience.

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217)

Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash).
(CVE-2016-10219)

Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash).
(CVE-2016-10220, CVE-2017-5951, CVE-2017-7207).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes the following security vulnerabilities :

CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)

CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)

CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service.
(bsc#1032120)

CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document.
(bsc#1032114)

CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document.
(bsc#1030263)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ghostscript fixes the following security vulnerabilities :

  - CVE-2017-8291: A remote command execution and a -dSAFER     bypass via a crafted .eps document were exploited in the     wild. (bsc#1036453)

  - CVE-2016-9601: An integer overflow in the bundled     jbig2dec library could have been misused to cause a     Denial-of-Service. (bsc#1018128)

  - CVE-2016-10220: A NULL pointer dereference in the PDF     Transparency module allowed remote attackers to cause a     Denial-of-Service. (bsc#1032120)

  - CVE-2017-5951: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1032114)

  - CVE-2017-7207: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1030263)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)

Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217)

Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219)

Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
109572	SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:1140-1)	Nessus	SuSE Local Security Checks	medium
102754	CentOS 7 : ghostscript (CESA-2017:2180)	Nessus	CentOS Local Security Checks	medium
102663	Scientific Linux Security Update : ghostscript on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
102618	GLSA-201708-06 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
102298	Oracle Linux 7 : ghostscript (ELSA-2017-2180)	Nessus	Oracle Linux Local Security Checks	medium
102232	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1145)	Nessus	Huawei Local Security Checks	medium
102231	EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1144)	Nessus	Huawei Local Security Checks	medium
102114	RHEL 7 : ghostscript (RHSA-2017:2180)	Nessus	Red Hat Local Security Checks	medium
102096	Debian DLA-1048-1 : ghostscript security update	Nessus	Debian Local Security Checks	medium
101645	Fedora 26 : ghostscript (2017-628b627eac)	Nessus	Fedora Local Security Checks	medium
100410	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1404-1)	Nessus	SuSE Local Security Checks	medium
100247	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript regression (USN-3272-2)	Nessus	Ubuntu Local Security Checks	medium
100041	openSUSE Security Update : ghostscript (openSUSE-2017-558)	Nessus	SuSE Local Security Checks	medium
99761	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1138-1)	Nessus	SuSE Local Security Checks	medium
99741	Debian DSA-3838-1 : ghostscript - security update	Nessus	Debian Local Security Checks	medium
99726	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : ghostscript vulnerabilities (USN-3272-1)	Nessus	Ubuntu Local Security Checks	medium
99490	Fedora 24 : ghostscript (2017-9a13090378)	Nessus	Fedora Local Security Checks	medium
99255	Fedora 25 : ghostscript (2017-047cffb598)	Nessus	Fedora Local Security Checks	medium

CVE-2017-7207

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins