Описание
Security update for ghostscript
This update for ghostscript to version 9.26 fixes the following issues:
Security issues fixed:
- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)
Version update to 9.26 (bsc#1117331):
- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:4140-1
- SUSE Security Ratings
Описание
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
Затронутые продукты
Ссылки
- CVE-2018-17183
- SUSE Bug 1108027
- SUSE Bug 1109105
- SUSE Bug 1111479
- SUSE Bug 1111480
- SUSE Bug 1112229
- SUSE Bug 1117022
- SUSE Bug 1117331
- SUSE Bug 1118455
Описание
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
Затронутые продукты
Ссылки
- CVE-2018-17961
- SUSE Bug 1108027
- SUSE Bug 1109105
- SUSE Bug 1111479
- SUSE Bug 1111480
- SUSE Bug 1112229
- SUSE Bug 1117022
- SUSE Bug 1117331
- SUSE Bug 1118455
- SUSE Bug 1129180
Описание
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Затронутые продукты
Ссылки
- CVE-2018-18073
- SUSE Bug 1108027
- SUSE Bug 1109105
- SUSE Bug 1111479
- SUSE Bug 1111480
- SUSE Bug 1112229
- SUSE Bug 1117022
- SUSE Bug 1117331
- SUSE Bug 1118455
Описание
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
Затронутые продукты
Ссылки
- CVE-2018-18284
- SUSE Bug 1108027
- SUSE Bug 1109105
- SUSE Bug 1111479
- SUSE Bug 1111480
- SUSE Bug 1112229
- SUSE Bug 1117022
- SUSE Bug 1117331
- SUSE Bug 1118455
- SUSE Bug 1127993
- SUSE Bug 1144621
Описание
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
Затронутые продукты
Ссылки
- CVE-2018-19409
- SUSE Bug 1108027
- SUSE Bug 1109105
- SUSE Bug 1111479
- SUSE Bug 1111480
- SUSE Bug 1112229
- SUSE Bug 1117022
- SUSE Bug 1117331
- SUSE Bug 1118455
Описание
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Затронутые продукты
Ссылки
- CVE-2018-19475
- SUSE Bug 1117327
- SUSE Bug 1117331
Описание
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
Затронутые продукты
Ссылки
- CVE-2018-19476
- SUSE Bug 1117313
- SUSE Bug 1117331
Описание
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Затронутые продукты
Ссылки
- CVE-2018-19477
- SUSE Bug 1117274
- SUSE Bug 1117331