Описание
Security update for ghostscript
This update for ghostscript fixes the following issues:
- CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization (bsc#1243701)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
ghostscript-9.52-23.92.1
ghostscript-devel-9.52-23.92.1
ghostscript-x11-9.52-23.92.1
Ссылки
- Link for SUSE-SU-2025:03460-1
- E-Mail link for SUSE-SU-2025:03460-1
- SUSE Security Ratings
- SUSE Bug 1243701
- SUSE CVE CVE-2025-48708 page
Описание
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-9.52-23.92.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-devel-9.52-23.92.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-x11-9.52-23.92.1
Ссылки
- CVE-2025-48708
- SUSE Bug 1243701