SUSE-SU-2019:0719-1

Published: 22 Mar 2019
Source: suse-cvrf

Description

Security update for ghostscript

This update for ghostscript fixes the following issue:

Security issue fixed:

  • CVE-2019-3838: Fixed a vulnerability that left the forceput operator in DefineResource still accessible, which could allow access to the file system outside of the constraints of -dSAFER (bsc#1129186).

Package list

SUSE Enterprise Storage 4
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Desktop 12 SP3
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Desktop 12 SP4
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12 SP1-LTSS
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12 SP2-BCL
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12 SP2-LTSS
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12 SP3
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12 SP4
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server 12-LTSS
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Software Development Kit 12 SP3
ghostscript-devel-9.26a-23.22.1
SUSE Linux Enterprise Software Development Kit 12 SP4
ghostscript-devel-9.26a-23.22.1
SUSE OpenStack Cloud 7
ghostscript-9.26a-23.22.1
ghostscript-x11-9.26a-23.22.1

Description

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw to, for example, access the file system outside of the constraints imposed by -dSAFER.


Affected products
SUSE Enterprise Storage 4:ghostscript-9.26a-23.22.1
SUSE Enterprise Storage 4:ghostscript-x11-9.26a-23.22.1
SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.26a-23.22.1
SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.26a-23.22.1

References