Oval Definition:oval:org.opensuse.security:def:56669
Revision Date:2020-12-01Version:1
Title:Security update for ghostscript (Moderate)
Description:

This update for ghostscript fixes several issues.





These security issues were fixed:

- CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879). - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643). - CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1032230). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891). - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889). - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888). - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887). - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184). - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138).
Family:unixClass:patch
Status:Reference(s):1003952
1032138
1032230
1040643
1050879
1050887
1050888
1050889
1050891
1051184
1059777
1060354
1060355
1060360
1060361
1060362
1060364
1061076
1061077
1061080
1061081
1061082
1061084
1061086
1061087
1072947
1077445
1078662
1080740
1082063
1082210
1083417
1083420
1083422
1083424
1083426
1084300
1085967
1091396
1097356
1105010
1113969
1115339
1118319
1118320
1132665
1154862
1157763
1166238
729190
899486
932483
939367
945484
945493
947458
948902
960414
961368
962313
964336
965576
970632
975865
976920
984639
CVE-2009-0793
CVE-2012-2150
CVE-2013-4276
CVE-2014-7204
CVE-2015-8325
CVE-2016-10219
CVE-2016-10317
CVE-2016-1549
CVE-2016-1908
CVE-2016-3115
CVE-2016-4983
CVE-2017-11714
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-15588
CVE-2017-15589
CVE-2017-15590
CVE-2017-15591
CVE-2017-15592
CVE-2017-15593
CVE-2017-15594
CVE-2017-15595
CVE-2017-5526
CVE-2017-9216
CVE-2017-9612
CVE-2017-9726
CVE-2017-9727
CVE-2017-9739
CVE-2017-9835
CVE-2018-15473
CVE-2018-16468
CVE-2018-5848
CVE-2018-7170
CVE-2018-7182
CVE-2018-7183
CVE-2018-7184
CVE-2018-7185
CVE-2018-7738
CVE-2018-8048
CVE-2018-9568
CVE-2019-15961
CVE-2019-17498
CVE-2019-20503
CVE-2020-6805
CVE-2020-6806
CVE-2020-6807
CVE-2020-6811
CVE-2020-6812
CVE-2020-6814
SUSE-SU-2015:2384-1
SUSE-SU-2016:1386-1
SUSE-SU-2016:2097-1
SUSE-SU-2016:2915-1
SUSE-SU-2017:2618-1
SUSE-SU-2017:2873-1
SUSE-SU-2018:0407-1
SUSE-SU-2018:0956-1
SUSE-SU-2018:3910-1
SUSE-SU-2019:0390-1
SUSE-SU-2019:0394-1
SUSE-SU-2019:2936-1
SUSE-SU-2019:3177-1
SUSE-SU-2020:0717-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • lame-3.100-lp150.1 is installed
  • OR libmp3lame0-3.100-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • chromedriver-75.0.3770.90-2 is installed
  • OR chromium-75.0.3770.90-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • ghostscript-9.15-23.7 is installed
  • OR ghostscript-x11-9.15-23.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND xfsprogs-3.2.1-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • xen-4.5.5_18-22.31 is installed
  • OR xen-doc-html-4.5.5_18-22.31 is installed
  • OR xen-kmp-default-4.5.5_18_k3.12.74_60.64.60-22.31 is installed
  • OR xen-libs-4.5.5_18-22.31 is installed
  • OR xen-libs-32bit-4.5.5_18-22.31 is installed
  • OR xen-tools-4.5.5_18-22.31 is installed
  • OR xen-tools-domU-4.5.5_18-22.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • liblcms1-1.19-17 is installed
  • OR liblcms1-32bit-1.19-17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • gstreamer-plugins-base-1.8.3-13.3 is installed
  • OR gstreamer-plugins-base-lang-1.8.3-13.3 is installed
  • OR libgstallocators-1_0-0-1.8.3-13.3 is installed
  • OR libgstapp-1_0-0-1.8.3-13.3 is installed
  • OR libgstapp-1_0-0-32bit-1.8.3-13.3 is installed
  • OR libgstaudio-1_0-0-1.8.3-13.3 is installed
  • OR libgstaudio-1_0-0-32bit-1.8.3-13.3 is installed
  • OR libgstfft-1_0-0-1.8.3-13.3 is installed
  • OR libgstpbutils-1_0-0-1.8.3-13.3 is installed
  • OR libgstpbutils-1_0-0-32bit-1.8.3-13.3 is installed
  • OR libgstriff-1_0-0-1.8.3-13.3 is installed
  • OR libgstrtp-1_0-0-1.8.3-13.3 is installed
  • OR libgstrtsp-1_0-0-1.8.3-13.3 is installed
  • OR libgstsdp-1_0-0-1.8.3-13.3 is installed
  • OR libgsttag-1_0-0-1.8.3-13.3 is installed
  • OR libgsttag-1_0-0-32bit-1.8.3-13.3 is installed
  • OR libgstvideo-1_0-0-1.8.3-13.3 is installed
  • OR libgstvideo-1_0-0-32bit-1.8.3-13.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • git-2.12.3-27.14 is installed
  • OR git-core-2.12.3-27.14 is installed
  • OR git-doc-2.12.3-27.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • hplip-3.16.11-1 is installed
  • OR hplip-hpijs-3.16.11-1 is installed
  • OR hplip-sane-3.16.11-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libvirt-3.3.0-5.40 is installed
  • OR libvirt-admin-3.3.0-5.40 is installed
  • OR libvirt-client-3.3.0-5.40 is installed
  • OR libvirt-daemon-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-network-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed
  • OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed
  • OR libvirt-daemon-hooks-3.3.0-5.40 is installed
  • OR libvirt-daemon-lxc-3.3.0-5.40 is installed
  • OR libvirt-daemon-qemu-3.3.0-5.40 is installed
  • OR libvirt-daemon-xen-3.3.0-5.40 is installed
  • OR libvirt-doc-3.3.0-5.40 is installed
  • OR libvirt-libs-3.3.0-5.40 is installed
  • OR libvirt-lock-sanlock-3.3.0-5.40 is installed
  • OR libvirt-nss-3.3.0-5.40 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND git-core-2.12.3-27.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • dnsmasq-2.78-18.3 is installed
  • OR dnsmasq-utils-2.78-18.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • openssh-7.2p2-74.30 is installed
  • OR openssh-askpass-gnome-7.2p2-74.30 is installed
  • OR openssh-fips-7.2p2-74.30 is installed
  • OR openssh-helpers-7.2p2-74.30 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • openstack-manila-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-api-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-data-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-scheduler-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-share-7.3.1~dev15-4.18 is installed
  • OR python-manila-7.3.1~dev15-4.18 is installed
  • OR venv-openstack-manila-7.3.1~dev15-3.17 is installed
  • OR venv-openstack-manila-x86_64-7.3.1~dev15-3.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • cups-1.7.5-20.29 is installed
  • OR cups-client-1.7.5-20.29 is installed
  • OR cups-libs-1.7.5-20.29 is installed
  • OR cups-libs-32bit-1.7.5-20.29 is installed
    • BACK