Univention Bugzilla – Bug 39423
ghostscript: Integeroverflow (4.1)
Last modified: 2017-10-26 13:53:59 CEST
This security issue is fixed in upstream Debian package version 9.05~dfsg-6.3+deb7u2: * Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write (CVE-2015-3228)
The following issues have been reported as fixed in the Debian Jessie package version (9.06~dfsg-2+deb8u3): * Ghostscript information disclosure through getenv, filenameforall (CVE-2013-5653) * various userparams allow %pipe% in paths, allowing remote shell command execution (CVE-2016-7976) * .libfile doesn't check PermitFileReading array, allowing remote file disclosure (CVE-2016-7977) * reference leak in .setdevice allows use-after-free and remote code execution (CVE-2016-7978) * type confusion in .initialize_dsc_parser allows remote code execution (CVE-2016-7979) * type confusion (CVE-2016-8602)
An updated Wheezy package is also available: 9.05~dfsg-6.3+deb7u3
Regression fix: 9.05~dfsg-6.3+deb7u4
Upstream Debian package version 9.05~dfsg-6.3+deb7u5 fixes these issues: * Application crash with division by 0 in scan conversion code triggered through crafted content (CVE-2016-10219) * Application crash with a segfault in gx_device_finalize() triggered through crafted content (CVE-2016-10220) * Application crash with a segfault in ref_stack_index() triggered through crafted content (CVE-2017-5951)
Upstream Debian package version 9.05~dfsg-6.3+deb7u6 fixes this issue: * Possible execution of arbitrary code or denial of service if a specially crafted Postscript file is processed (CVE-2017-8291)
FTBFS: devlibs error: There is no package matching [libgssapi3-dev] and noone provides it, please report bug to d-shlibs maintainer
r17558 | Bug #39423: Fix build with heimdal
Package: ghostscript Version: 9.05~dfsg-6.3.34.201706271134 Branch: ucs_4.1-0 Scope: errata4.1-4
Advisory: ghostscript.yaml
Tests (amd64): OK Advisory: OK
<http://errata.software-univention.de/ucs/4.1/436.html>