{"affected":[{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript-devel":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript-devel":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.15-22.1","ghostscript-x11":"9.15-22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"ghostscript","purl":"pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.15-22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ghostscript fixes the following security vulnerabilities:\n\n- CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were\n  exploited in the wild. (bsc#1036453)\n- CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause\n  a Denial-of-Service. (bsc#1018128)\n- CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers\n  to cause a Denial-of-Service. (bsc#1032120)\n- CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service\n  via a crafted PostScript document. (bsc#1032114)\n- CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service\n  via a crafted PostScript document. (bsc#1030263)\n\nThis is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages.\n\n","id":"SUSE-SU-2017:1404-1","modified":"2017-05-24T14:25:10Z","published":"2017-05-24T14:25:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171404-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1018128"},{"type":"REPORT","url":"https://bugzilla.suse.com/1030263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1032114"},{"type":"REPORT","url":"https://bugzilla.suse.com/1032120"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036453"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10220"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5951"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8291"}],"related":["CVE-2016-10220","CVE-2016-9601","CVE-2017-5951","CVE-2017-7207","CVE-2017-8291"],"summary":"Security update for ghostscript","upstream":["CVE-2016-10220","CVE-2016-9601","CVE-2017-5951","CVE-2017-7207","CVE-2017-8291"]}