Description
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2019-14869: Fixed a possible `-dSAFER` escape which could have allowed an attacker to gain high privileges via specially crafted PostScript code (bsc#1156275).
Package list
SUSE Linux Enterprise Module for Basesystem 15
ghostscript-9.27-3.24.1
ghostscript-devel-9.27-3.24.1
ghostscript-x11-9.27-3.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
ghostscript-9.27-3.24.1
ghostscript-devel-9.27-3.24.1
ghostscript-x11-9.27-3.24.1
References
- Link for SUSE-SU-2019:2981-1
- E-Mail link for SUSE-SU-2019:2981-1
- SUSE Security Ratings
- SUSE Bug 1156275
- SUSE CVE CVE-2019-14869 page
Description
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.27-3.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.27-3.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.27-3.24.1
SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.27-3.24.1
References
- CVE-2019-14869
- SUSE Bug 1156275