openSUSE Security Update : ghostscript-library (openSUSE-2016-1207)
High Nessus Plugin ID 94217
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for ghostscript-library fixes the following issues :
- Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, bsc#1001951)
- An incorrect reference count was found in .setdevice.
This issue lead to a use-after-free scenario, which could have been exploited for denial-of-service or, possibly, arbitrary code execution attacks.
- Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected ghostscript-library packages.