Vulnerability category: Ubuntu
Vulnerability severity:
Vulnerability information
It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands.
A use-after-free vulnerability in the color management module of Ghostscript.
A divide-by-zero error in the scan conversion code in Ghostscript.
Multiple NULL pointer dereference errors in Ghostscript.
Impact
An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)
An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217)
An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219)
An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207)
Solution
Refer to Ubuntu advisory USN-3272-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3272-1: 16.10 (Yakkety) on src (ghostscript-x)
USN-3272-1: 12.04 (Precise) on src (ghostscript)
USN-3272-1: 12.04 (Precise) on src (libgs9)
USN-3272-1: 16.10 (Yakkety) on src (ghostscript)
USN-3272-1: 12.04 (Precise) on src (libgs9-common)
USN-3272-1: 16.04 (Xenial) on src (libgs9)
USN-3272-1: 16.04 (Xenial) on src (libgs9-common)
USN-3272-1: 17.04 (zesty) on src (libgs9)
USN-3272-1: 16.10 (Yakkety) on src (libgs9)
USN-3272-1: 17.04 (zesty) on src (ghostscript-x)
USN-3272-1: 17.04 (zesty) on src (ghostscript)
USN-3272-1: 14.04 (Kylin) on src (ghostscript-x)
USN-3272-1: 16.04 (Xenial) on src (ghostscript)
USN-3272-1: 14.04 (Kylin) on src (libgs9-common)
USN-3272-1: 14.04 (Kylin) on src (ghostscript)
USN-3272-1: 16.10 (Yakkety) on src (libgs9-common)
USN-3272-1: 12.04 (Precise) on src (ghostscript-x)
USN-3272-1: 17.04 (zesty) on src (libgs9-common)