Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
SUSE Manager Proxy 4.2
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
SUSE Manager Server 4.2
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
openSUSE Leap 15.4
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
openSUSE Leap 15.5
ghostscript-9.52-150000.170.1
ghostscript-devel-9.52-150000.170.1
ghostscript-x11-9.52-150000.170.1
Ссылки
- Link for SUSE-SU-2023:3438-1
- E-Mail link for SUSE-SU-2023:3438-1
- SUSE Security Ratings
- SUSE Bug 1213637
- SUSE CVE CVE-2023-38559 page
Описание
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:ghostscript-9.52-150000.170.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:ghostscript-devel-9.52-150000.170.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:ghostscript-x11-9.52-150000.170.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:ghostscript-9.52-150000.170.1
Ссылки
- CVE-2023-38559
- SUSE Bug 1213637