openSUSE-SU-2016:2855-1

Опубликовано: 17 нояб. 2016

Источник: suse-cvrf

Описание

Security update for ghostscript

This update for ghostscript fixes the following issues:

bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince (kde#371887).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

ghostscript-9.15-14.1

ghostscript-devel-9.15-14.1

ghostscript-mini-9.15-14.1

ghostscript-mini-devel-9.15-14.1

ghostscript-x11-9.15-14.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-11/msg00084.html
E-Mail link for openSUSE-SU-2016:2855-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

Затронутые продукты

openSUSE Leap 42.1:ghostscript-9.15-14.1

openSUSE Leap 42.1:ghostscript-devel-9.15-14.1

openSUSE Leap 42.1:ghostscript-mini-9.15-14.1

openSUSE Leap 42.1:ghostscript-mini-devel-9.15-14.1

Ссылки

https://www.suse.com/security/cve/CVE-2013-5653.html
CVE-2013-5653
https://bugzilla.suse.com/1001951
SUSE Bug 1001951
https://bugzilla.suse.com/1004237
SUSE Bug 1004237
https://bugzilla.suse.com/1036453
SUSE Bug 1036453

openSUSE-SU-2016:2855-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2013-5653

Описание

Затронутые продукты

Ссылки