openSUSE-SU-2021:3044-1

Опубликовано: 15 сент. 2021

Источник: suse-cvrf

Описание

Security update for ghostscript

This update for ghostscript fixes the following issues:

Security issue fixed:

CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381)

Also a hardening fix was added:

Link as position independent executable (bsc#1184123)

Список пакетов

openSUSE Leap 15.3

ghostscript-9.52-155.1

ghostscript-devel-9.52-155.1

ghostscript-x11-9.52-155.1

libspectre-devel-0.2.8-3.12.1

libspectre1-0.2.8-3.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M64NXCVRRUDYD4U65CYH2ROCOGMSYF3U/
E-Mail link for openSUSE-SU-2021:3044-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184123
SUSE Bug 1184123
https://bugzilla.suse.com/1190381
SUSE Bug 1190381
https://www.suse.com/security/cve/CVE-2021-3781/
SUSE CVE CVE-2021-3781 page

Описание

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые продукты

openSUSE Leap 15.3:ghostscript-9.52-155.1

openSUSE Leap 15.3:ghostscript-devel-9.52-155.1

openSUSE Leap 15.3:ghostscript-x11-9.52-155.1

openSUSE Leap 15.3:libspectre-devel-0.2.8-3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3781.html
CVE-2021-3781
https://bugzilla.suse.com/1190381
SUSE Bug 1190381
https://bugzilla.suse.com/1191712
SUSE Bug 1191712

openSUSE-SU-2021:3044-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-3781

Описание

Затронутые продукты

Ссылки