Описание
Security update for ghostscript
This update for ghostscript to 9.27 fixes the following issues:
Security issues fixed:
- CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
- CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 4
SUSE Enterprise Storage 5
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2019:2478-1
- E-Mail link for SUSE-SU-2019:2478-1
- SUSE Security Ratings
- SUSE Bug 1129180
- SUSE Bug 1131863
- SUSE Bug 1134156
- SUSE Bug 1140359
- SUSE Bug 1146882
- SUSE Bug 1146884
- SUSE CVE CVE-2019-12973 page
- SUSE CVE CVE-2019-14811 page
- SUSE CVE CVE-2019-14812 page
- SUSE CVE CVE-2019-14813 page
- SUSE CVE CVE-2019-14817 page
- SUSE CVE CVE-2019-3835 page
- SUSE CVE CVE-2019-3839 page
Описание
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Затронутые продукты
Ссылки
- CVE-2019-12973
- SUSE Bug 1140359
Описание
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Затронутые продукты
Ссылки
- CVE-2019-14811
- SUSE Bug 1146882
Описание
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Затронутые продукты
Ссылки
- CVE-2019-14812
- SUSE Bug 1146882
Описание
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Затронутые продукты
Ссылки
- CVE-2019-14813
- SUSE Bug 1146882
Описание
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Затронутые продукты
Ссылки
- CVE-2019-14817
- SUSE Bug 1146882
- SUSE Bug 1146884
Описание
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Затронутые продукты
Ссылки
- CVE-2019-3835
- SUSE Bug 1129180
Описание
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Затронутые продукты
Ссылки
- CVE-2019-3839
- SUSE Bug 1134156