FEDORA-2017-a606d224a5 created by dkaspar 2 years ago for Fedora 26
stable

Security fixes release for these CVEs:

How to install

sudo dnf upgrade --advisory=FEDORA-2017-a606d224a5

This update has been submitted for testing by dkaspar.

2 years ago
anonymous commented & provided feedback 2 years ago

Please confirm that CVE-2017-7975 is fixed with this update and CVE-2016-10317, CVE-2017-7885, CVE-2017-7976 are not. The referenced bugs suggest that at least CVE-2017-7885 and CVE-2017-7976 are fixed as well, but those are not mentioned above.

dkaspar commented & provided feedback 2 years ago

Well, the exact CVEs fixed are specified in the Details of the Bodhi update. IMHO that should be intuitive, but maybe I'm wrong.

And yes, only CVE-2017-7975 is fixed. The CVE-2016-10317, CVE-2017-7885, CVE-2017-7976 are not fixed. The fix for the latter will be released once upstream provides it. There's no reason to wait on the other fixes while the biggest threats can be already secured (we don't have any ETA from upstream).

P.S.: The referenced bugs will not be automatically closed once this update gets to stable.

anonymous commented & provided feedback 2 years ago

Sure, thanks for clarifying... I find it rather intuitive as well, but some bots (existence provided) may not and they might end up thinking this update is a fix for one of the CVEs they regexp'd while crawling around and I have to clean up the mess. Which is not what happened :) Thanks again!

dkaspar commented & provided feedback 2 years ago

Ah, OK, I'm sorry for the inconvenience... :-/ Is there any way I could prevent this in the future? I don't think not linking the CVEs' BZs is a way to go here (I will link them from multiple bodhi updates).

This update has been pushed to testing.

2 years ago
besser82 commented & provided feedback 2 years ago

Works great! LGTM! =)

filiperosset commented & provided feedback 2 years ago

no regressions noted

pwalter commented & provided feedback 2 years ago

Works

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Severity: high
Karma: 3
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3

Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago

BZ#1441581 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2017-5951 ghostscript: various flaws [fedora-all]
BZ#1443934 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 ghostscript: various flaws [fedora-all]
BZ#1446064 CVE-2017-8291 ghostscript: -dSAFER bypass and command execution via a "/OutputFile (%pipe%" substring [fedora-all]
