SUSE-SU-2016:2493-1

Published: 11 Oct 2016
Source: suse-cvrf

Description

Security update for ghostscript-library

This update for ghostscript-library fixes the following issues:

  • Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951)

  • Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)

  • An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Server 11 SP2-LTSS
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Server 11 SP3-LTSS
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Server 11 SP4
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ghostscript-devel-8.62-32.38.1
ghostscript-ijs-devel-8.62-32.38.1
libgimpprint-devel-4.2.7-32.38.1
SUSE Manager 2.1
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE Manager Proxy 2.1
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1
SUSE OpenStack Cloud 5
ghostscript-fonts-other-8.62-32.38.1
ghostscript-fonts-rus-8.62-32.38.1
ghostscript-fonts-std-8.62-32.38.1
ghostscript-library-8.62-32.38.1
ghostscript-omni-8.62-32.38.1
ghostscript-x11-8.62-32.38.1
libgimpprint-4.2.7-32.38.1

Description

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.38.1


Description

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.38.1


Description

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.38.1


Description

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.38.1
