Description
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color space (bsc#1232265).
- CVE-2024-46953: Fixed integer overflow when parsing the page format that results in path truncation, path traversal, and code execution (bsc#1232267).
- CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall (bsc#1232270).
- CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269).
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.5
openSUSE Leap 15.6
References
- Link for SUSE-SU-2024:3941-1
- E-Mail link for SUSE-SU-2024:3941-1
- SUSE Security Ratings
- SUSE Bug 1232265
- SUSE Bug 1232267
- SUSE Bug 1232269
- SUSE Bug 1232270
- SUSE CVE CVE-2024-46951 page
- SUSE CVE CVE-2024-46953 page
- SUSE CVE CVE-2024-46955 page
- SUSE CVE CVE-2024-46956 page
Description
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Affected products
References
- CVE-2024-46951
- SUSE Bug 1232173
- SUSE Bug 1232265
Description
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Affected products
References
- CVE-2024-46953
- SUSE Bug 1232173
- SUSE Bug 1232267
Description
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Affected products
References
- CVE-2024-46955
- SUSE Bug 1232173
- SUSE Bug 1232269
Description
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Affected products
References
- CVE-2024-46956
- SUSE Bug 1232173
- SUSE Bug 1232270