Bug 20744

Summary: Possible exploit in ghostscript CVE-2017-8291
Product: Mageia Reporter: Daniel Kjellin <mandriva>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2017-8291
See Also: https://bugs.mageia.org/show_bug.cgi?id=19542
Whiteboard:
Source RPM: CVE: CVE-2017-8291
Status comment:

Description Daniel Kjellin 2017-04-28 11:35:42 CEST 
I do not know if Mageia ships a vulnerable version of ghostscript, but a zero-day exploit allowing code execution has been reported against (to my knowledge) all versions of ghostscript. A fixed release of ghostscript is available. I do not have access to test this against the version in Mageia, more details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295 

This vulnerability has been reported to have been exploited already.
Comment 1 Rémi Verschelde 2017-04-28 12:30:01 CEST 
See also bug 19542 with pending CVEs to fix for ghostscript in Mageia 5. Keeping this one separate for now, as it also affects Mageia 6 and I don't know yet if we'll fix all issues at once.

Version: 5 => Cauldron
Component: RPM Packages => Security
QA Contact: (none) => security
Whiteboard: (none) => MGA5TOO
Assignee: bugsquad => pkg-bugs
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=19542
CVE: (none) => CVE-2017-8291

Rémi Verschelde 2017-04-28 13:57:16 CEST

Priority: Normal => High

Comment 2 Nicolas Lécureuil 2017-04-28 13:57:33 CEST 
Fixed in cauldron

Version: Cauldron => 5
Priority: High => Normal
Whiteboard: MGA5TOO => (none)
CC: (none) => mageia

Rémi Verschelde 2017-04-28 14:06:07 CEST

Priority: Normal => High

Comment 3 Nicolas Lécureuil 2017-04-28 14:08:16 CEST 
following all CVE in one bugreport

*** This bug has been marked as a duplicate of bug 19542 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Priority: High => Normal