What Are You Looking For?

Sign Up
MGASA-2018-0408 - Updated ghostscript packages fix security vulnerabilities

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0408.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-17961,
     CVE-2018-18073,
     CVE-2018-18284

Updated ghostscript packages fix many bugs and security vulnerabilities:

Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961)

Saved execution stacks can leak operator arrays. (CVE-2018-18073)

1Policy operator gives access to .forceput. (CVE-2018-18284)

References:
- https://bugs.mageia.org/show_bug.cgi?id=23659
- https://www.openwall.com/lists/oss-security/2018/10/09/4
- https://www.openwall.com/lists/oss-security/2018/10/11/3
- https://www.openwall.com/lists/oss-security/2018/10/10/12
- https://www.openwall.com/lists/oss-security/2018/10/16/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18284

SRPMS:
- 6/core/ghostscript-9.25-1.2.mga6

Mageia 2018-0408: ghostscript security update

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox

Summary

Updated ghostscript packages fix many bugs and security vulnerabilities:
Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961)
Saved execution stacks can leak operator arrays. (CVE-2018-18073)
1Policy operator gives access to .forceput. (CVE-2018-18284)

References

- https://bugs.mageia.org/show_bug.cgi?id=23659

- https://www.openwall.com/lists/oss-security/2018/10/09/4

- https://www.openwall.com/lists/oss-security/2018/10/11/3

- https://www.openwall.com/lists/oss-security/2018/10/10/12

- https://www.openwall.com/lists/oss-security/2018/10/16/2

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17961

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18073

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18284

Resolution

MGASA-2018-0408 - Updated ghostscript packages fix security vulnerabilities

SRPMS

- 6/core/ghostscript-9.25-1.2.mga6

Severity
Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0408.html
Type: security
CVE: CVE-2018-17961, CVE-2018-18073, CVE-2018-18284

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo