Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
patchinfo.3327
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3327
<patchinfo incident="3327"> <issue id="1001951" tracker="bnc">VUL-0: EMU: CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979: ghostscript,ghostscript-library: getenv and filenameforall ignore -dSAFER, possible RCE</issue> <issue id="2016-7978" tracker="cve" /> <issue id="2013-5653" tracker="cve" /> <issue id="2016-7979" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>simotek</packager> <description> This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, bsc#1001951) - An incorrect reference count was found in .setdevice. This issue lead to a use-after-free scenario, which could have been exploited for denial-of-service or, possibly, arbitrary code execution attacks. (CVE-2016-7978, bsc#1001951) - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951) </description> <summary>Security update for ghostscript-library</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor