Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (b sc#1215466).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
ghostscript-9.52-23.60.1
ghostscript-devel-9.52-23.60.1
ghostscript-x11-9.52-23.60.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ghostscript-9.52-23.60.1
ghostscript-devel-9.52-23.60.1
ghostscript-x11-9.52-23.60.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ghostscript-devel-9.52-23.60.1
Ссылки
- Link for SUSE-SU-2023:3938-1
- E-Mail link for SUSE-SU-2023:3938-1
- SUSE Security Ratings
- SUSE Bug 1215466
- SUSE CVE CVE-2023-43115 page
Описание
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ghostscript-9.52-23.60.1
SUSE Linux Enterprise Server 12 SP5:ghostscript-devel-9.52-23.60.1
SUSE Linux Enterprise Server 12 SP5:ghostscript-x11-9.52-23.60.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-9.52-23.60.1
Ссылки
- CVE-2023-43115
- SUSE Bug 1215466
- SUSE Bug 1217554
- SUSE Bug 1217601
- SUSE Bug 1221587