FEDORA-2016-96045ad97b — security update for ghostscript

unpushed

ghostscript-9.16-5.fc24

FEDORA-2016-96045ad97b created by dkaspar 8 years ago for Fedora 24

Security fix for BZ #1380415.

IMPORTANT NOTE: This release of ghostscript is without OpenJPEG support. The support had to be temporarily disabled in order to deliver the security fix.

The support for OpenJPEG will be re-enabled as soon as possible.

You can test if your system is vulnerable by these steps:

Download the bash script for testing:
```
wget https://goo.gl/eyzZvG
```
Optional - check the validity of the script:
```
md5 ./bz1380415-test.sh
```
[md5 hash of the script - 4ae552b75bc30e21ff066603a911b5fe]

Make the script executable & run it:

chmod +x ./bz1380415-test.sh && ./bz1380415-test.sh

This update has been submitted for testing by dkaspar.

8 years ago

dkaspar edited this update.

8 years ago

This update has been pushed to testing.

8 years ago

cserpentis commented & provided feedback 8 years ago

karma

works for me

dkaspar commented 8 years ago

This update has been unpushed.

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

7 days

Dates

submitted

8 years ago

in testing

8 years ago

modified

8 years ago

Builds

ghostscript-9.16-5.fc24

BZ#1380415 CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER

BZ#1380416 ghostscript: .libfile does not honor -dSAFER [fedora-all]

ghostscript-9.16-5.fc24

Automated Test Results

None