SUSE-SU-2019:14155-1

Published: 28 Aug 2019
Source: suse-cvrf

Description

Recommended update for ghostscript-library

This update for ghostscript-library fixes the following issues:

Security issue fixed:

  • CVE-2019-3838: Fixed various bugs that allowed re-enabling and misusing system PostScript operators to read files from within PostScript files and send them to the attacker, for example via %pipe% (bsc#1129186).

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
ghostscript-fonts-other-8.62-47.16.1
ghostscript-fonts-rus-8.62-47.16.1
ghostscript-fonts-std-8.62-47.16.1
ghostscript-library-8.62-47.16.1
ghostscript-omni-8.62-47.16.1
ghostscript-x11-8.62-47.16.1
libgimpprint-4.2.7-47.16.1
SUSE Linux Enterprise Server 11 SP4-LTSS
ghostscript-fonts-other-8.62-47.16.1
ghostscript-fonts-rus-8.62-47.16.1
ghostscript-fonts-std-8.62-47.16.1
ghostscript-library-8.62-47.16.1
ghostscript-omni-8.62-47.16.1
ghostscript-x11-8.62-47.16.1
libgimpprint-4.2.7-47.16.1

Description

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw to, for example, access the file system outside of the constraints imposed by -dSAFER.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-other-8.62-47.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-rus-8.62-47.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-fonts-std-8.62-47.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:ghostscript-library-8.62-47.16.1

References