Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

SUSE 12-SP2: SUSE-SU-2018:2975-2 Critical: Ghostscript RCE Vulnerability

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
Ghostscript has issued patches for 16 identified vulnerabilities. It's crucial to review these updates and apply them quickly for your SUSE system's security
An update that fixes 16 vulnerabilities is now available

Summary

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).

References

#1106171 #1106172 #1106173 #1106195 #1107410

#1107411 #1107412 #1107413 #1107420 #1107421

#1107422 #1107423 #1107426 #1107581 #1108027

#1109105

Cross- CVE-2018-15908 CVE-2018-15909 CVE-2018-15910

CVE-2018-15911 CVE-2018-16509 CVE-2018-16510

CVE-2018-16511 CVE-2018-16513 CVE-2018-16539

CVE-2018-16540 CVE-2018-16541 CVE-2018-16542

CVE-2018-16543 CVE-2018-16585 CVE-2018-16802

CVE-2018-17183

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2018-15908.html

https://www.suse.com/security/cve/CVE-2018-15909.html

https://www.suse.com/security/cve/CVE-2018-15910.html

https://www.suse.com/security/cve/CVE-2018-15911.html

https://www.suse.com/security/cve/CVE-2018-16509.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2975-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.