Описание
Security update for ghostscript
ghostscript was updated to fix one security issue and one bug.
The following vulnerability was fixed:
- CVE-2015-3228: Specially crafted ps files could have caused an out of bound read/write due to an integer overflow, causing a segfault in the application or having unspecified further impact.
Also a non security bug was fixed:
- fix a crash in mutex handling (bsc#963017)
Список пакетов
SUSE Linux Enterprise Desktop 12
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Desktop 12 SP1
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Server 12
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Server 12 SP1
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Server for SAP Applications 12
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ghostscript-9.15-6.5
ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Software Development Kit 12
ghostscript-devel-9.15-6.5
SUSE Linux Enterprise Software Development Kit 12 SP1
ghostscript-devel-9.15-6.5
Ссылки
- Link for SUSE-SU-2016:0884-1
- E-Mail link for SUSE-SU-2016:0884-1
- SUSE Security Ratings
- SUSE Bug 939342
- SUSE Bug 963017
- SUSE CVE CVE-2015-3228 page
Описание
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:ghostscript-9.15-6.5
SUSE Linux Enterprise Desktop 12 SP1:ghostscript-x11-9.15-6.5
SUSE Linux Enterprise Desktop 12:ghostscript-9.15-6.5
SUSE Linux Enterprise Desktop 12:ghostscript-x11-9.15-6.5
Ссылки
- CVE-2015-3228
- SUSE Bug 939342