
Mageia 6: MGASA-2018-0378 Critical: Ghostscript File Exploits

September 21, 2018
Ghostscript release tackles significant security vulnerabilities that could lead to unauthorized code execution. Keep yourself updated on the essential patches.

Summary

Updated ghostscript packages fix several security vulnerabilities including:
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (CVE-2018-15908).
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (CVE-2018-15909).
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code (CVE-2018-15910).
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code (CVE-2018-15911).
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of...


References

- https://bugs.mageia.org/show_bug.cgi?id=23526

- https://www.openwall.com/lists/oss-security/2018/09/05/3

- https://www.openwall.com/lists/oss-security/2018/09/06/3

- https://www.openwall.com/lists/oss-security/2018/09/09/1

- https://www.openwall.com/lists/oss-security/2018/09/09/2

- https://www.openwall.com/lists/oss-security/2018/09/11/1

- https://www.cve.org/CVERecord?id=CVE-2018-15908

- https://www.cve.org/CVERecord?id=CVE-2018-15909

- https://www.cve.org/CVERecord?id=CVE-2018-15910

- https://www.cve.org/CVERecord?id=CVE-2018-15911

- https://www.cve.org/CVERecord?id=CVE-2018-16509

- https://www.cve.org/CVERecord?id=CVE-2018-16510

- https://www.cve.org/CVERecord?id=CVE-2018-16511

- https://www.cve.org/CVERecord?id=CVE-2018-16513

- https://www.cve.org/CVERecord?id=CVE-2018-16539

- https://www.cve.org/CVERecord?id=CVE-2018-16540

- https://www.cve.org/CVERecord?id=CVE-2018-16541

- https://www.cve.org/CVERecord?id=CVE-2018-16542

- https://www.cve.org/CVERecord?id=CVE-2018-16543

- https://www.cve.org/CVERecord?id=CVE-2018-16802

Resolution

SRPMS

- 6/core/ghostscript-9.24-1.5.mga6

Severity
critical

Publication date: 20 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0378.html
Type: security
CVE: CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911, CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543, CVE-2018-16802
