This update for ghostscript fixes the following security vulnerabilities :

  - CVE-2017-8291: A remote command execution and a -dSAFER     bypass via a crafted .eps document were exploited in the     wild. (bsc#1036453)

  - CVE-2016-9601: An integer overflow in the bundled     jbig2dec library could have been misused to cause a     Denial-of-Service. (bsc#1018128)

  - CVE-2016-10220: A NULL pointer dereference in the PDF     Transparency module allowed remote attackers to cause a     Denial-of-Service. (bsc#1032120)

  - CVE-2017-5951: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1032114)

  - CVE-2017-7207: A NULL pointer dereference allowed remote     attackers to cause a denial of service via a crafted     PostScript document. (bsc#1030263) This is a reissue of     the previous update to also include SUSE Linux     Enterprise 12 GA LTSS packages.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2017:1404-1)

high Nessus Plugin ID 100410

Version 3.12