SUSE: 2018:2975-3 important: ghostscript

    Date27 Apr 2019
    CategorySuSE
    442
    Posted ByLinuxSecurity Advisories
    An update that fixes 16 vulnerabilities is now available.
    
       SUSE Security Update: Security update for ghostscript
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2018:2975-3
    Rating:             important
    References:         #1106171 #1106172 #1106173 #1106195 #1107410 
                        #1107411 #1107412 #1107413 #1107420 #1107421 
                        #1107422 #1107423 #1107426 #1107581 #1108027 
                        #1109105 
    Cross-References:   CVE-2018-15908 CVE-2018-15909 CVE-2018-15910
                        CVE-2018-15911 CVE-2018-16509 CVE-2018-16510
                        CVE-2018-16511 CVE-2018-16513 CVE-2018-16539
                        CVE-2018-16540 CVE-2018-16541 CVE-2018-16542
                        CVE-2018-16543 CVE-2018-16585 CVE-2018-16802
                        CVE-2018-17183
    Affected Products:
                        SUSE Linux Enterprise Server for SAP 12-SP1
    ______________________________________________________________________________
    
       An update that fixes 16 vulnerabilities is now available.
    
    Description:
    
       This update for ghostscript to version 9.25 fixes the following issues:
    
       These security issues were fixed:
    
       - CVE-2018-17183: Remote attackers were be able to supply crafted
         PostScript to potentially overwrite or replace error handlers to inject
         code (bsc#1109105)
       - CVE-2018-15909: Prevent type confusion using the .shfill operator that
         could have been used by attackers able to supply crafted PostScript
         files to crash the interpreter or potentially execute code (bsc#1106172).
       - CVE-2018-15908: Prevent attackers that are able to supply malicious
         PostScript files to bypass .tempfile restrictions and write files
         (bsc#1106171).
       - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams
         parameter that could have been used to crash the interpreter or execute
         code (bsc#1106173).
       - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode
         operator that could have been used to crash the interpreter or
          potentially execute code (bsc#1106195).
       - CVE-2018-16513: Prevent a type confusion in the setcolor function that
         could have been used to crash the interpreter or possibly have
         unspecified other impact (bsc#1107412).
       - CVE-2018-16509: Incorrect "restoration of privilege" checking during
         handling
         of /invalidaccess exceptions could be have been used by attackers able
          to supply crafted PostScript to execute code using the "pipe"
          instruction (bsc#1107410).
       - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF
         primitives could have been used by remote attackers able to supply
         crafted PDFs to crash the interpreter or possibly have unspecified other
         impact (bsc#1107411).
       - CVE-2018-16542: Prevent attackers able to supply crafted PostScript
         files from using insufficient interpreter stack-size checking during
         error handling to crash the interpreter (bsc#1107413).
       - CVE-2018-16541: Prevent attackers able to supply crafted PostScript
         files from using incorrect free logic in pagedevice replacement to crash
         the interpreter (bsc#1107421).
       - CVE-2018-16540: Prevent use-after-free in copydevice handling that could
         have been used to crash the interpreter or possibly have unspecified
         other impact (bsc#1107420).
       - CVE-2018-16539: Prevent attackers able to supply crafted PostScript
         files from using incorrect access checking in temp file handling to
         disclose contents
         of files on the system otherwise not readable (bsc#1107422).
       - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to
         have an unspecified impact (bsc#1107423).
       - CVE-2018-16511: A type confusion in "ztype" could have been used by
         remote attackers able to supply crafted PostScript to crash the
         interpreter or possibly have unspecified other impact (bsc#1107426).
       - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted
         even though it is not intended for use during document processing (e.g.,
         after the startup phase). This lead to memory corruption, allowing
         remote attackers able to supply crafted PostScript to crash the
         interpreter or possibly have unspecified other impact (bsc#1107581).
       - CVE-2018-16802: Incorrect "restoration of privilege" checking when
         running
         out of stack during exception handling could have been used by attackers
          able to supply crafted PostScript to execute code using the "pipe"
          instruction. This is due to an incomplete fix for CVE-2018-16509
          (bsc#1108027).
    
       These non-security issues were fixed:
    
       * Fixes problems with argument handling, some unintended results of the
         security fixes to the SAFER file access restrictions (specifically
         accessing ICC profile files).
       * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--'
    
       For additional changes please check
       http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the
       package.
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1074=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    
          ghostscript-9.25-23.13.1
          ghostscript-debuginfo-9.25-23.13.1
          ghostscript-debugsource-9.25-23.13.1
          ghostscript-x11-9.25-23.13.1
          ghostscript-x11-debuginfo-9.25-23.13.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-15908.html
       https://www.suse.com/security/cve/CVE-2018-15909.html
       https://www.suse.com/security/cve/CVE-2018-15910.html
       https://www.suse.com/security/cve/CVE-2018-15911.html
       https://www.suse.com/security/cve/CVE-2018-16509.html
       https://www.suse.com/security/cve/CVE-2018-16510.html
       https://www.suse.com/security/cve/CVE-2018-16511.html
       https://www.suse.com/security/cve/CVE-2018-16513.html
       https://www.suse.com/security/cve/CVE-2018-16539.html
       https://www.suse.com/security/cve/CVE-2018-16540.html
       https://www.suse.com/security/cve/CVE-2018-16541.html
       https://www.suse.com/security/cve/CVE-2018-16542.html
       https://www.suse.com/security/cve/CVE-2018-16543.html
       https://www.suse.com/security/cve/CVE-2018-16585.html
       https://www.suse.com/security/cve/CVE-2018-16802.html
       https://www.suse.com/security/cve/CVE-2018-17183.html
       https://bugzilla.suse.com/1106171
       https://bugzilla.suse.com/1106172
       https://bugzilla.suse.com/1106173
       https://bugzilla.suse.com/1106195
       https://bugzilla.suse.com/1107410
       https://bugzilla.suse.com/1107411
       https://bugzilla.suse.com/1107412
       https://bugzilla.suse.com/1107413
       https://bugzilla.suse.com/1107420
       https://bugzilla.suse.com/1107421
       https://bugzilla.suse.com/1107422
       https://bugzilla.suse.com/1107423
       https://bugzilla.suse.com/1107426
       https://bugzilla.suse.com/1107581
       https://bugzilla.suse.com/1108027
       https://bugzilla.suse.com/1109105
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.1,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"28","type":"x","order":"3","pct":35.9,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.