Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
Security issue fixed:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
Also a hardening fix was added:
- Link as position independent executable (bsc#1184123)
Список пакетов
SUSE Enterprise Storage 6
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Server 15 SP1-BCL
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Server 15 SP1-LTSS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Server 15-LTSS
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Server for SAP Applications 15
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Manager Proxy 4.0
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Manager Retail Branch Server 4.0
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
SUSE Manager Server 4.0
ghostscript-9.52-155.1
ghostscript-devel-9.52-155.1
ghostscript-x11-9.52-155.1
libspectre-devel-0.2.8-3.12.1
libspectre1-0.2.8-3.12.1
Ссылки
- Link for SUSE-SU-2021:3044-1
- E-Mail link for SUSE-SU-2021:3044-1
- SUSE Security Ratings
- SUSE Bug 1184123
- SUSE Bug 1190381
- SUSE CVE CVE-2021-3781 page
Описание
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
SUSE Enterprise Storage 6:ghostscript-9.52-155.1
SUSE Enterprise Storage 6:ghostscript-devel-9.52-155.1
SUSE Enterprise Storage 6:ghostscript-x11-9.52-155.1
SUSE Enterprise Storage 6:libspectre-devel-0.2.8-3.12.1
Ссылки
- CVE-2021-3781
- SUSE Bug 1190381
- SUSE Bug 1191712