Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466).
Список пакетов
SUSE Enterprise Storage 7.1
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Module for Basesystem 15 SP4
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Module for Basesystem 15 SP5
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP1-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP2-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP3-LTSS
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Manager Proxy 4.2
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
SUSE Manager Server 4.2
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
openSUSE Leap 15.4
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
openSUSE Leap 15.5
ghostscript-9.52-150000.173.2
ghostscript-devel-9.52-150000.173.2
ghostscript-x11-9.52-150000.173.2
Ссылки
- Link for SUSE-SU-2023:3984-1
- E-Mail link for SUSE-SU-2023:3984-1
- SUSE Security Ratings
- SUSE Bug 1215466
- SUSE CVE CVE-2023-43115 page
Описание
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Затронутые продукты
SUSE Enterprise Storage 7.1:ghostscript-9.52-150000.173.2
SUSE Enterprise Storage 7.1:ghostscript-devel-9.52-150000.173.2
SUSE Enterprise Storage 7.1:ghostscript-x11-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ghostscript-9.52-150000.173.2
Ссылки
- CVE-2023-43115
- SUSE Bug 1215466
- SUSE Bug 1217554
- SUSE Bug 1217601
- SUSE Bug 1221587