Описание
Security update for ghostscript
This update for ghostscript fixes the following issue:
Security issue fixed:
- CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
ghostscript-9.26a-lp150.2.17.2
ghostscript-devel-9.26a-lp150.2.17.2
ghostscript-mini-9.26a-lp150.2.17.2
ghostscript-mini-devel-9.26a-lp150.2.17.2
ghostscript-x11-9.26a-lp150.2.17.2
Ссылки
- E-Mail link for openSUSE-SU-2019:1121-1
- SUSE Security Ratings
- SUSE Bug 1129186
- SUSE CVE CVE-2019-3838 page
Описание
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Затронутые продукты
openSUSE Leap 15.0:ghostscript-9.26a-lp150.2.17.2
openSUSE Leap 15.0:ghostscript-devel-9.26a-lp150.2.17.2
openSUSE Leap 15.0:ghostscript-mini-9.26a-lp150.2.17.2
openSUSE Leap 15.0:ghostscript-mini-devel-9.26a-lp150.2.17.2
Ссылки
- CVE-2019-3838
- SUSE Bug 1018128
- SUSE Bug 1030263
- SUSE Bug 1032135
- SUSE Bug 1038835
- SUSE Bug 1050888
- SUSE Bug 1050889
- SUSE Bug 1106171
- SUSE Bug 1106172
- SUSE Bug 1106173
- SUSE Bug 1107422
- SUSE Bug 1107423
- SUSE Bug 1107581
- SUSE Bug 1111479
- SUSE Bug 1112229
- SUSE Bug 1114495
- SUSE Bug 1117022
- SUSE Bug 1117327
- SUSE Bug 1118318
- SUSE Bug 1129180