Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
Security issue fixed:
- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
ghostscript-9.26a-23.25.1
ghostscript-x11-9.26a-23.25.1
SUSE Linux Enterprise Server 12 SP4
ghostscript-9.26a-23.25.1
ghostscript-x11-9.26a-23.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ghostscript-9.26a-23.25.1
ghostscript-x11-9.26a-23.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4
ghostscript-devel-9.26a-23.25.1
Ссылки
- Link for SUSE-SU-2019:2347-1
- E-Mail link for SUSE-SU-2019:2347-1
- SUSE Security Ratings
- SUSE Bug 1144621
- SUSE CVE CVE-2019-10216 page
Описание
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1
SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1
SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1
SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1
Ссылки
- CVE-2019-10216
- SUSE Bug 1144621
- SUSE Bug 1146882
- SUSE Bug 1146884