Описание
Security update for ghostscript
This update for ghostscript fixes the following issue:
Security issue fixed:
- CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
ghostscript-9.26a-14.18.1
ghostscript-devel-9.26a-14.18.1
ghostscript-mini-9.26a-14.18.1
ghostscript-mini-devel-9.26a-14.18.1
ghostscript-x11-9.26a-14.18.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1119-1
- SUSE Security Ratings
Описание
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Затронутые продукты
openSUSE Leap 42.3:ghostscript-9.26a-14.18.1
openSUSE Leap 42.3:ghostscript-devel-9.26a-14.18.1
openSUSE Leap 42.3:ghostscript-mini-9.26a-14.18.1
openSUSE Leap 42.3:ghostscript-mini-devel-9.26a-14.18.1
Ссылки
- CVE-2019-3838
- SUSE Bug 1018128
- SUSE Bug 1030263
- SUSE Bug 1032135
- SUSE Bug 1038835
- SUSE Bug 1050888
- SUSE Bug 1050889
- SUSE Bug 1106171
- SUSE Bug 1106172
- SUSE Bug 1106173
- SUSE Bug 1107422
- SUSE Bug 1107423
- SUSE Bug 1107581
- SUSE Bug 1111479
- SUSE Bug 1112229
- SUSE Bug 1114495
- SUSE Bug 1117022
- SUSE Bug 1117327
- SUSE Bug 1118318
- SUSE Bug 1129180