openSUSE-SU-2020:1142-1

Опубликовано: 03 авг. 2020

Источник: suse-cvrf

Описание

Security update for ghostscript

This update for ghostscript fixes the following issues:

fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

ghostscript-9.52-lp151.3.15.1

ghostscript-devel-9.52-lp151.3.15.1

ghostscript-mini-9.52-lp151.3.15.1

ghostscript-mini-devel-9.52-lp151.3.15.1

ghostscript-x11-9.52-lp151.3.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZOZGE4F5XBUTATYZ4I2RVVZ5BKK4QJ6K/
E-Mail link for openSUSE-SU-2020:1142-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1174415
SUSE Bug 1174415
https://www.suse.com/security/cve/CVE-2020-15900/
SUSE CVE CVE-2020-15900 page

Описание

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.

Затронутые продукты

openSUSE Leap 15.1:ghostscript-9.52-lp151.3.15.1

openSUSE Leap 15.1:ghostscript-devel-9.52-lp151.3.15.1

openSUSE Leap 15.1:ghostscript-mini-9.52-lp151.3.15.1

openSUSE Leap 15.1:ghostscript-mini-devel-9.52-lp151.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15900.html
CVE-2020-15900
https://bugzilla.suse.com/1174415
SUSE Bug 1174415

openSUSE-SU-2020:1142-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-15900

Описание

Затронутые продукты

Ссылки