[ GLSA 201811-12 ] GPL Ghostscript: Multiple vulnerabilities


–v9Ux+11Zm5mwPlX6

Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201811-12
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: GPL Ghostscript: Multiple vulnerabilities
Date: November 24, 2018
Bugs: #618820, #626418, #635426, #655404, #668846, #671732
ID: 201811-12

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis

Multiple vulnerabilities have been found in GPL Ghostscript, the worst
of which could result in the execution of arbitrary code.

Background

Ghostscript is an interpreter for the PostScript language and for PDF.

Affected packages

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 app-text/ghostscript-gpl
9.26=20

Description

Multiple vulnerabilities have been discovered in GPL Ghostscript.
Please review the CVE identifiers referenced below for additional
information.

Impact

A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF document using GPL Ghostscript possibly
resulting in the execution of arbitrary code with the privileges of the
process, a Denial of Service condition, or other unspecified impacts,

Workaround

There is no known workaround at this time.

Resolution

All GPL Ghostscript users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>app-text/ghostscript-gpl-9.26”

References

[ 1 ] CVE-2017-11714
https://nvd.nist.gov/vuln/detail/CVE-2017-11714
[ 2 ] CVE-2017-7948
https://nvd.nist.gov/vuln/detail/CVE-2017-7948
[ 3 ] CVE-2017-9610
https://nvd.nist.gov/vuln/detail/CVE-2017-9610
[ 4 ] CVE-2017-9611
https://nvd.nist.gov/vuln/detail/CVE-2017-9611
[ 5 ] CVE-2017-9612
https://nvd.nist.gov/vuln/detail/CVE-2017-9612
[ 6 ] CVE-2017-9618
https://nvd.nist.gov/vuln/detail/CVE-2017-9618
[ 7 ] CVE-2017-9619
https://nvd.nist.gov/vuln/detail/CVE-2017-9619
[ 8 ] CVE-2017-9620
https://nvd.nist.gov/vuln/detail/CVE-2017-9620
[ 9 ] CVE-2017-9726
https://nvd.nist.gov/vuln/detail/CVE-2017-9726
[ 10 ] CVE-2017-9727
https://nvd.nist.gov/vuln/detail/CVE-2017-9727
[ 11 ] CVE-2017-9739
https://nvd.nist.gov/vuln/detail/CVE-2017-9739
[ 12 ] CVE-2017-9740
https://nvd.nist.gov/vuln/detail/CVE-2017-9740
[ 13 ] CVE-2017-9835
https://nvd.nist.gov/vuln/detail/CVE-2017-9835
[ 14 ] CVE-2018-10194
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
[ 15 ] CVE-2018-15908
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
[ 16 ] CVE-2018-15909
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
[ 17 ] CVE-2018-15910
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
[ 18 ] CVE-2018-15911
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
[ 19 ] CVE-2018-16509
https://nvd.nist.gov/vuln/detail/CVE-2018-16509
[ 20 ] CVE-2018-16510
https://nvd.nist.gov/vuln/detail/CVE-2018-16510
[ 21 ] CVE-2018-16511
https://nvd.nist.gov/vuln/detail/CVE-2018-16511
[ 22 ] CVE-2018-16513
https://nvd.nist.gov/vuln/detail/CVE-2018-16513
[ 23 ] CVE-2018-16539
https://nvd.nist.gov/vuln/detail/CVE-2018-16539
[ 24 ] CVE-2018-16540
https://nvd.nist.gov/vuln/detail/CVE-2018-16540
[ 25 ] CVE-2018-16541
https://nvd.nist.gov/vuln/detail/CVE-2018-16541
[ 26 ] CVE-2018-16542
https://nvd.nist.gov/vuln/detail/CVE-2018-16542
[ 27 ] CVE-2018-16543
https://nvd.nist.gov/vuln/detail/CVE-2018-16543
[ 28 ] CVE-2018-16585
https://nvd.nist.gov/vuln/detail/CVE-2018-16585
[ 29 ] CVE-2018-16802
https://nvd.nist.gov/vuln/detail/CVE-2018-16802
[ 30 ] CVE-2018-18284
https://nvd.nist.gov/vuln/detail/CVE-2018-18284
[ 31 ] CVE-2018-19409
https://nvd.nist.gov/vuln/detail/CVE-2018-19409

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-12

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

–v9Ux+11Zm5mwPlX6

—–BEGIN PGP SIGNATURE—–

iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlv5qxAACgkQpRQw84X1
dt30cgf/R6k3Hevvy9Wmhje+EVNCv9t5DiGKfhB6b29YDWe9Phg/4j9ElkRwl1xI
yf78HENsQ0UVEChZD84KUFGiOEwIaVeIe5MCE6vhSvID+ajOMySB9fj9yichBbTh
zfBCfFUkPQ0Wa+BP2FVPyvF91EL9qAzz2TPt2bguzNCeh2fCWxcjZ3Wv/TI+Pwuc
PWqfpNmcpMNtYCtP1posrmdjMqJm5006/yDE19+NYVtcqNwPhffo3su3P5Pl9U1o
rDbLZIP4AiabRy1WlFbuIiE4SENBD+9H1YHrYK2IHhw0dPUccjoIQ/tUlex06Mwh
P/b2ig0912wDMzs761rTcAhsDhI4ZQ==
=xIGL
—–END PGP SIGNATURE—–

–v9Ux+11Zm5mwPlX6–