It was found that .libfile can be used to access arbitrary files on the file system. PoC: http://www.openwall.com/lists/oss-security/2016/09/29/3 Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169 Upstream fix: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=cf046d2
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1380416]
CVE assignment: http://seclists.org/oss-sec/2016/q4/37
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0014 https://rhn.redhat.com/errata/RHSA-2017-0014.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0013 https://rhn.redhat.com/errata/RHSA-2017-0013.html