Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062).
Список пакетов
SUSE Enterprise Storage 7
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Enterprise Storage 7.1
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Real Time 15 SP3
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server 15 SP1-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server 15 SP2-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server 15 SP3-LTSS
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Manager Proxy 4.2
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
SUSE Manager Server 4.2
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
openSUSE Leap 15.4
ghostscript-9.52-150000.164.1
ghostscript-devel-9.52-150000.164.1
ghostscript-x11-9.52-150000.164.1
Ссылки
- Link for SUSE-SU-2023:1799-1
- E-Mail link for SUSE-SU-2023:1799-1
- SUSE Security Ratings
- SUSE Bug 1210062
- SUSE CVE CVE-2023-28879 page
Описание
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Затронутые продукты
SUSE Enterprise Storage 7.1:ghostscript-9.52-150000.164.1
SUSE Enterprise Storage 7.1:ghostscript-devel-9.52-150000.164.1
SUSE Enterprise Storage 7.1:ghostscript-x11-9.52-150000.164.1
SUSE Enterprise Storage 7:ghostscript-9.52-150000.164.1
Ссылки
- CVE-2023-28879
- SUSE Bug 1210062
- SUSE Bug 1210900
- SUSE Bug 1211514
- SUSE Bug 1213844