Bug 20744 - Possible exploit in ghostscript CVE-2017-8291
Summary: Possible exploit in ghostscript CVE-2017-8291
Status: RESOLVED DUPLICATE of bug 19542
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL: https://security-tracker.debian.org/t...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-28 11:35 CEST by Daniel Kjellin
Modified: 2017-04-28 14:08 CEST (History)
1 user (show)

See Also:
Source RPM:
CVE: CVE-2017-8291
Status comment:


Attachments

Description Daniel Kjellin 2017-04-28 11:35:42 CEST
I do not know if Mageia ships a vulnerable version of ghostscript, but a zero-day exploit allowing code execution has been reported against (to my knowledge) all versions of ghostscript. A fixed release of ghostscript is available. I do not have access to test this against the version in Mageia, more details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295 

This vulnerability has been reported to have been exploited already.
Comment 1 Rémi Verschelde 2017-04-28 12:30:01 CEST
See also bug 19542 with pending CVEs to fix for ghostscript in Mageia 5. Keeping this one separate for now, as it also affects Mageia 6 and I don't know yet if we'll fix all issues at once.

Version: 5 => Cauldron
Component: RPM Packages => Security
QA Contact: (none) => security
Whiteboard: (none) => MGA5TOO
Assignee: bugsquad => pkg-bugs
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=19542
CVE: (none) => CVE-2017-8291

Rémi Verschelde 2017-04-28 13:57:16 CEST

Priority: Normal => High

Comment 2 Nicolas Lécureuil 2017-04-28 13:57:33 CEST
Fixed in cauldron

Version: Cauldron => 5
Priority: High => Normal
Whiteboard: MGA5TOO => (none)
CC: (none) => mageia

Rémi Verschelde 2017-04-28 14:06:07 CEST

Priority: Normal => High

Comment 3 Nicolas Lécureuil 2017-04-28 14:08:16 CEST
following all CVE in one bugreport

*** This bug has been marked as a duplicate of bug 19542 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Priority: High => Normal


Note You need to log in before you can comment on or make changes to this bug.