Synopsis:          Important: ghostscript security update
Advisory ID:       SLSA-2017:1230-1
Issue Date:        2017-05-12
CVE Numbers:       CVE-2017-8291
--

Security Fix(es):

* It was found that ghostscript did not properly validate the parameters
passed to the .rsdparams and .eqproc functions. During its execution, a
specially crafted PostScript document could execute code in the context of
the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)
--

SL6
  x86_64
    ghostscript-8.70-23.el6_9.2.i686.rpm
    ghostscript-8.70-23.el6_9.2.x86_64.rpm
    ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
    ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm
    ghostscript-devel-8.70-23.el6_9.2.i686.rpm
    ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm
    ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm
    ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm
  i386
    ghostscript-8.70-23.el6_9.2.i686.rpm
    ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
    ghostscript-devel-8.70-23.el6_9.2.i686.rpm
    ghostscript-doc-8.70-23.el6_9.2.i686.rpm
    ghostscript-gtk-8.70-23.el6_9.2.i686.rpm
SL7
  x86_64
    ghostscript-9.07-20.el7_3.5.i686.rpm
    ghostscript-9.07-20.el7_3.5.x86_64.rpm
    ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm
    ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
    ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm
    ghostscript-devel-9.07-20.el7_3.5.i686.rpm
    ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm
    ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm
  noarch
    ghostscript-doc-9.07-20.el7_3.5.noarch.rpm

- Scientific Linux Development Team