openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Security update for ghostscript

This update for ghostscript fixes the following issues:

Security issues fixed:

- CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
- CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)

This update was imported from the SUSE:SLE-15:Update update project.

Submitted by Dr. Werner Fink (WernerFink)

Fixed bugs

VUL-0: CVE-2019-3839: ghostscript,ghostscript-library: missing attack vector protections for CVE-2019-6116

bnc#1146884

VUL-0: CVE-2019-14817: ghostscript,ghostscript-library: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures

bnc#1140359

VUL-1: CVE-2019-12973: openjpeg,ghostscript,ghostscript-library,openjpeg2: In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a de

bnc#1146882

VUL-0: CVE-2019-14811,CVE-2019-14812,CVE-2019-14813: ghostscript,ghostscript-library: multiple cases of Safer Mode Bypass by .forceput Exposure

bnc#1129180

VUL-1: CVE-2019-3835: ghostscript,ghostscript-library: superexec operator is available

bnc#1129186

VUL-0: CVE-2019-3838: ghostscript,ghostscript-library: forceput in DefineResource is still accessible

Places

Fixed bugs

Selected Binaries

Places