Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince (kde#371887).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Desktop 12 SP2
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Server 12 SP1
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Server 12 SP2
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ghostscript-9.15-17.2
ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Software Development Kit 12 SP1
ghostscript-devel-9.15-17.2
SUSE Linux Enterprise Software Development Kit 12 SP2
ghostscript-devel-9.15-17.2
Ссылки
- Link for SUSE-SU-2016:2817-1
- E-Mail link for SUSE-SU-2016:2817-1
- SUSE Security Ratings
- SUSE Bug 1006592
- SUSE CVE CVE-2013-5653 page
Описание
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:ghostscript-9.15-17.2
SUSE Linux Enterprise Desktop 12 SP1:ghostscript-x11-9.15-17.2
SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-17.2
SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-17.2
Ссылки
- CVE-2013-5653
- SUSE Bug 1001951
- SUSE Bug 1004237
- SUSE Bug 1007816
- SUSE Bug 1036453