Описание
Security update for ghostscript
This update for ghostscript fixes the following issue:
Security issue fixed:
- CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
ghostscript-9.26a-3.15.1
ghostscript-devel-9.26a-3.15.1
ghostscript-x11-9.26a-3.15.1
Ссылки
- Link for SUSE-SU-2019:0718-1
- E-Mail link for SUSE-SU-2019:0718-1
- SUSE Security Ratings
- SUSE Bug 1129186
- SUSE CVE CVE-2019-3838 page
Описание
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.15.1
SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.15.1
SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.15.1
Ссылки
- CVE-2019-3838
- SUSE Bug 1018128
- SUSE Bug 1030263
- SUSE Bug 1032135
- SUSE Bug 1038835
- SUSE Bug 1050888
- SUSE Bug 1050889
- SUSE Bug 1106171
- SUSE Bug 1106172
- SUSE Bug 1106173
- SUSE Bug 1107422
- SUSE Bug 1107423
- SUSE Bug 1107581
- SUSE Bug 1111479
- SUSE Bug 1112229
- SUSE Bug 1114495
- SUSE Bug 1117022
- SUSE Bug 1117327
- SUSE Bug 1118318
- SUSE Bug 1129180