Описание
Security update for ghostscript
This update for ghostscript fixes the following issue:
- CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275).
Список пакетов
HPE Helion OpenStack 8
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Enterprise Storage 5
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Desktop 12 SP4
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP1-LTSS
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP2-BCL
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP2-LTSS
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP3-BCL
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP3-LTSS
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP4
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server 12 SP5
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE Linux Enterprise Software Development Kit 12 SP4
ghostscript-devel-9.27-23.31.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ghostscript-devel-9.27-23.31.1
SUSE OpenStack Cloud 7
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE OpenStack Cloud 8
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
SUSE OpenStack Cloud Crowbar 8
ghostscript-9.27-23.31.1
ghostscript-x11-9.27-23.31.1
Ссылки
- Link for SUSE-SU-2019:2983-1
- E-Mail link for SUSE-SU-2019:2983-1
- SUSE Security Ratings
- SUSE Bug 1156275
- SUSE CVE CVE-2019-14869 page
Описание
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
Затронутые продукты
HPE Helion OpenStack 8:ghostscript-9.27-23.31.1
HPE Helion OpenStack 8:ghostscript-x11-9.27-23.31.1
SUSE Enterprise Storage 5:ghostscript-9.27-23.31.1
SUSE Enterprise Storage 5:ghostscript-x11-9.27-23.31.1
Ссылки
- CVE-2019-14869
- SUSE Bug 1156275