
SUSE: 2018:2975-3 Important: Ghostscript Remote Code Execution Threat

April 27, 2019
SUSE Security Patch for ImageMagick resolves 12 vulnerabilities, improving overall protection. Urgent measures advised for every user.
An update that fixes 16 vulnerabilities is now available

Summary

This update for ghostscript to version 9.25 fixes the following issues:

These security issues were fixed:

- CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105).
- CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
- CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171).
- CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).

References

#1106171 #1106172 #1106173 #1106195 #1107410 #1107411 #1107412 #1107413 #1107420 #1107421 #1107422 #1107423 #1107426 #1107581 #1108027 #1109105

Cross-References: CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

https://www.suse.com/security/cve/CVE-2018-15908.html

https://www.suse.com/security/cve/CVE-2018-15909.html

https://www.suse.com/security/cve/CVE-2018-15910.html

https://www.suse.com/security/cve/CVE-2018-15911.html

https://www.suse.com/security/cve/CVE-2018-16509.html

Severity
important

Announcement ID: SUSE-SU-2018:2975-3
Rating: important
