Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

SUSE: 2018:2975-1 Important: Ghostscript Security Advisory

suse
Calendar Grey October 2, 2018
Scroller Suse Esm H88
An important patch has been released for ghostscript, addressing 16 vital security vulnerabilities and enhancing operational stability.
An update that fixes 16 vulnerabilities is now available

Summary

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).

References

#1106171 #1106172 #1106173 #1106195 #1107410

#1107411 #1107412 #1107413 #1107420 #1107421

#1107422 #1107423 #1107426 #1107581 #1108027

#1109105

Cross- CVE-2018-15908 CVE-2018-15909 CVE-2018-15910

CVE-2018-15911 CVE-2018-16509 CVE-2018-16510

CVE-2018-16511 CVE-2018-16513 CVE-2018-16539

CVE-2018-16540 CVE-2018-16541 CVE-2018-16542

CVE-2018-16543 CVE-2018-16585 CVE-2018-16802

CVE-2018-17183

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Server 12-LTSS

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2975-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.