File _patchinfo of Package patchinfo.12578
<patchinfo incident="12578">
<issue tracker="cve" id="2019-3835"/>
<issue tracker="cve" id="2019-3839"/>
<issue tracker="cve" id="2019-12973"/>
<issue tracker="cve" id="2019-14811"/>
<issue tracker="cve" id="2019-14812"/>
<issue tracker="cve" id="2019-14813"/>
<issue tracker="cve" id="2019-14817"/>
<issue tracker="bnc" id="1134156">VUL-0: CVE-2019-3839: ghostscript,ghostscript-library: missing attack vector protections for CVE-2019-6116</issue>
<issue tracker="bnc" id="1129180">VUL-1: CVE-2019-3835: ghostscript,ghostscript-library: superexec operator is available</issue>
<issue tracker="bnc" id="1140359">VUL-1: CVE-2019-12973: openjpeg,ghostscript,ghostscript-library,openjpeg2: In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a de</issue>
<issue tracker="bnc" id="1146882">VUL-0: CVE-2019-14811,CVE-2019-14812,CVE-2019-14813: ghostscript,ghostscript-library: multiple cases of Safer Mode Bypass by .forceput Exposure</issue>
<issue tracker="bnc" id="1146884">VUL-0: CVE-2019-14817: ghostscript,ghostscript-library: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures</issue>
<issue tracker="bnc" id="1131863">VUL-0: ghostscript: 9.27 release</issue>
<packager>WernerFink</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for ghostscript</summary>
<description>This update of ghostscript to version 9.27 fixes the following issues:
Security issues fixed:
- CVE-2019-3835: Fixed unauthorized file system access caused by the superexec operator being available. (bsc#1129180)
- CVE-2019-3839: Fixed unauthorized file system access caused by privileged operators being available. (bsc#1134156)
- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)
</description>
</patchinfo>