Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2018:4087-1 Important: Ghostscript Access Issues Fixed

suse
Calendar Grey December 12, 2018
Dist Suse Esm H88
An essential Fedora patch addresses multiple vulnerability concerns in ImageMagick, improving safety for all impacted components.
An update that solves 8 vulnerabilities and has one errata is now available

Summary

This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)

References

#1109105 #1111479 #1111480 #1112229 #1117022

#1117274 #1117313 #1117327 #1117331

Cross- CVE-2018-17183 CVE-2018-17961 CVE-2018-18073

CVE-2018-18284 CVE-2018-19409 CVE-2018-19475

CVE-2018-19476 CVE-2018-19477

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-17183.html

https://www.suse.com/security/cve/CVE-2018-17961.html

https://www.suse.com/security/cve/CVE-2018-18073.html

https://www.suse.com/security/cve/CVE-2018-18284.html

https://www.suse.com/security/cve/CVE-2018-19409.html

https://www.suse.com/security/cve/CVE-2018-19475.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4087-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here