GPL Ghostscript: Multiple vulnerabilities

GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. ghostscript 2017-02-22 2017-02-22 596576 607190 remote 9.20-r1 9.20-r1

Ghostscript is an interpreter for the PostScript language and for PDF.

Multiple vulnerabilities have been discovered in GPL Ghostscript and the bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26 (OpenJPEG) referenced below for additional information.

Note: GPL Ghostscript in Gentoo since app-text/ghostscript-gpl-9.20-r1 no longer bundles OpenJPEG.

A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All GPL Ghostscript users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-text/ghostscript-gpl-9.20-r1"

CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 GLSA-201612-26 whissi whissi