Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)
Список пакетов
HPE Helion OpenStack 8
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server 12 SP2-BCL
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server 12 SP3-BCL
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server 12 SP3-LTSS
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server 12 SP4-LTSS
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server 12 SP5
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ghostscript-devel-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
SUSE OpenStack Cloud 8
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE OpenStack Cloud 9
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE OpenStack Cloud Crowbar 8
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
SUSE OpenStack Cloud Crowbar 9
ghostscript-9.52-23.42.1
ghostscript-devel-9.52-23.42.1
ghostscript-x11-9.52-23.42.1
libspectre-devel-0.2.7-12.12.1
libspectre1-0.2.7-12.12.1
Ссылки
- Link for SUSE-SU-2021:3180-1
- E-Mail link for SUSE-SU-2021:3180-1
- SUSE Security Ratings
- SUSE Bug 1190381
- SUSE CVE CVE-2021-3781 page
Описание
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
HPE Helion OpenStack 8:ghostscript-9.52-23.42.1
HPE Helion OpenStack 8:ghostscript-devel-9.52-23.42.1
HPE Helion OpenStack 8:ghostscript-x11-9.52-23.42.1
HPE Helion OpenStack 8:libspectre-devel-0.2.7-12.12.1
Ссылки
- CVE-2021-3781
- SUSE Bug 1190381
- SUSE Bug 1191712