Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2018:4090-2 Important: Ghostscript Access Restriction Fixes

suse
Calendar Grey April 27, 2019
Dist Suse Esm H88
SUSE Security Patch for Ghostscript - Critical updates addressing various concerns. Access information on the vulnerabilities that have been mitigated.
An update that solves 8 vulnerabilities and has one errata is now available

Summary

This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)

Topics%20covered

Topics Covered

security advisory update ghostscript important access restriction sandbox escape

References

#1109105 #1111479 #1111480 #1112229 #1117022

#1117274 #1117313 #1117327 #1117331

Cross- CVE-2018-17183 CVE-2018-17961 CVE-2018-18073

CVE-2018-18284 CVE-2018-19409 CVE-2018-19475

CVE-2018-19476 CVE-2018-19477

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

https://www.suse.com/security/cve/CVE-2018-17183.html

https://www.suse.com/security/cve/CVE-2018-17961.html

https://www.suse.com/security/cve/CVE-2018-18073.html

https://www.suse.com/security/cve/CVE-2018-18284.html

https://www.suse.com/security/cve/CVE-2018-19409.html

https://www.suse.com/security/cve/CVE-2018-19475.html

https://www.suse.com/security/cve/CVE-2018-19476.html

https://www.suse.com/security/cve/CVE-2018-19477.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4090-2
Rating: important

Topics%20covered

Topics Covered

security advisory update ghostscript important access restriction sandbox escape

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here