SUSE-SU-2018:3330-1

Published: 23 Oct 2018
Source: suse-cvrf

Description

Security update for ghostscript-library

This update for ghostscript-library fixes the following issues:

  • CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426)
  • CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420)
  • CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421)
  • CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413)
  • CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410)
  • CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412)
  • CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173)
  • CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
ghostscript-fonts-other-8.62-32.47.13.1
ghostscript-fonts-rus-8.62-32.47.13.1
ghostscript-fonts-std-8.62-32.47.13.1
ghostscript-library-8.62-32.47.13.1
ghostscript-omni-8.62-32.47.13.1
ghostscript-x11-8.62-32.47.13.1
libgimpprint-4.2.7-32.47.13.1
SUSE Linux Enterprise Server 11 SP3-LTSS
ghostscript-fonts-other-8.62-32.47.13.1
ghostscript-fonts-rus-8.62-32.47.13.1
ghostscript-fonts-std-8.62-32.47.13.1
ghostscript-library-8.62-32.47.13.1
ghostscript-omni-8.62-32.47.13.1
ghostscript-x11-8.62-32.47.13.1
libgimpprint-4.2.7-32.47.13.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
ghostscript-fonts-other-8.62-32.47.13.1
ghostscript-fonts-rus-8.62-32.47.13.1
ghostscript-fonts-std-8.62-32.47.13.1
ghostscript-library-8.62-32.47.13.1
ghostscript-omni-8.62-32.47.13.1
ghostscript-x11-8.62-32.47.13.1
libgimpprint-4.2.7-32.47.13.1
SUSE Linux Enterprise Server 11 SP4
ghostscript-fonts-other-8.62-32.47.13.1
ghostscript-fonts-rus-8.62-32.47.13.1
ghostscript-fonts-std-8.62-32.47.13.1
ghostscript-library-8.62-32.47.13.1
ghostscript-omni-8.62-32.47.13.1
ghostscript-x11-8.62-32.47.13.1
libgimpprint-4.2.7-32.47.13.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
ghostscript-fonts-other-8.62-32.47.13.1
ghostscript-fonts-rus-8.62-32.47.13.1
ghostscript-fonts-std-8.62-32.47.13.1
ghostscript-library-8.62-32.47.13.1
ghostscript-omni-8.62-32.47.13.1
ghostscript-x11-8.62-32.47.13.1
libgimpprint-4.2.7-32.47.13.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ghostscript-devel-8.62-32.47.13.1
ghostscript-ijs-devel-8.62-32.47.13.1
libgimpprint-devel-4.2.7-32.47.13.1

Description

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References

Description

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-32.47.13.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-32.47.13.1

References