Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- Fixed segfaults in gs_heap_free_object() — ref:_00D1igLOd._500Tr4BRgx:ref (bsc#1219357).
Previously fixed security issue:
- CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) (bsc#1219554).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
ghostscript-9.52-23.71.1
ghostscript-devel-9.52-23.71.1
ghostscript-x11-9.52-23.71.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ghostscript-9.52-23.71.1
ghostscript-devel-9.52-23.71.1
ghostscript-x11-9.52-23.71.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ghostscript-devel-9.52-23.71.1
Ссылки
- Link for SUSE-SU-2024:0921-1
- E-Mail link for SUSE-SU-2024:0921-1
- SUSE Security Ratings
- SUSE Bug 1219357
- SUSE Bug 1219554
- SUSE CVE CVE-2020-36773 page
Описание
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:ghostscript-9.52-23.71.1
SUSE Linux Enterprise Server 12 SP5:ghostscript-devel-9.52-23.71.1
SUSE Linux Enterprise Server 12 SP5:ghostscript-x11-9.52-23.71.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-9.52-23.71.1
Ссылки
- CVE-2020-36773
- SUSE Bug 1219554