Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:2348-1

Опубликовано: 10 сент. 2019
Источник: suse-cvrf

Описание

Security update for ghostscript

This update for ghostscript fixes the following issues:

Security issue fixed:

  • CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15
ghostscript-9.26a-3.18.2
ghostscript-devel-9.26a-3.18.2
ghostscript-x11-9.26a-3.18.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
ghostscript-9.26a-3.18.2
ghostscript-devel-9.26a-3.18.2
ghostscript-x11-9.26a-3.18.2

Ссылки

Описание

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2
SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2
Ссылки