openSUSE Leap 42.3: openSUSE-SU-2018:4140-1 Important: Ghostscript Security

December 15, 2018
This openSUSE update for Ghostscript addresses several access-restriction bypass vulnerabilities and strengthens defenses against possible exploits.
An update that solves 8 vulnerabilities and has one errata is now available.

Description

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

- Security issues have been the primary...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-1556=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ghostscript-9.26-14.12.1

ghostscript-debuginfo-9.26-14.12.1

ghostscript-debugsource-9.26-14.12.1

ghostscript-devel-9.26-14.12.1

ghostscript-mini-9.26-14.12.1

ghostscript-mini-debuginfo-9.26-14.12.1

ghostscript-mini-debugsource-9.26-14.12.1

ghostscript-mini-devel-9.26-14.12.1

ghostscript-x11-9.26-14.12.1

ghostscript-x11-debuginfo-9.26-14.12.1

libspectre-debugsource-0.2.7-17.4.2

libspectre-devel-0.2.7-17.4.2

libspectre1-0.2.7-17.4.2

libspectre1-debuginfo-0.2.7-17.4.2

References

https://www.suse.com/security/cve/CVE-2018-17183.html

https://www.suse.com/security/cve/CVE-2018-17961.html

https://www.suse.com/security/cve/CVE-2018-18073.html

https://www.suse.com/security/cve/CVE-2018-18284.html

https://www.suse.com/security/cve/CVE-2018-19409.html

https://www.suse.com/security/cve/CVE-2018-19475.html

https://www.suse.com/security/cve/CVE-2018-19476.html

https://www.suse.com/security/cve/CVE-2018-19477.html

https://bugzilla.suse.com/1109105

https://bugzilla.suse.com/1111479

https://bugzilla.suse.com/1111480

https://bugzilla.suse.com/1112229

https://bugzilla.suse.com/1117022

https://bugzilla.suse.com/1117274

https://bugzilla.suse.com/1117313

https://bugzilla.suse.com/1117327

https://bugzilla.suse.com/1117331

Announcement ID: openSUSE-SU-2018:4140-1
Rating: important
Affected Products: openSUSE Leap 42.3