Oval Definition:	oval:org.opensuse.security:def:59430
Revision Date: 2020-12-01 Version: 1 Title: Security update for ghostscript (Important) Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Family: unix Class: patch Status: Reference(s): 1002734 1008539 1034584 1034827 1036494 1041447 1041470 1047262 1050896 1087066 1090023 1090024 1090025 1090026 1090027 1090028 1090029 1090030 1090032 1090033 1104301 1106171 1106172 1106173 1106195 1106222 1107410 1107411 1107412 1107413 1107420 1107421 1107422 1107423 1107426 1107581 1108027 1109105 1110910 1111006 1111010 1111013 1114422 1122293 1122299 1132728 1132729 1132732 1133135 1138872 1145559 1155787 1158328 1162002 1167240 1170383 1171189 1171191 1171220 1171732 1171988 1172049 1172453 1172458 1172775 1172781 1172782 1172783 1172999 1174115 1174462 1174543 1174955 1177155 CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-2518 CVE-2017-8288 CVE-2017-9263 CVE-2017-9265 CVE-2018-10839 CVE-2018-11212 CVE-2018-15746 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 CVE-2018-3639 CVE-2018-5383 CVE-2019-11500 CVE-2019-11708 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-20810 CVE-2019-20812 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 CVE-2020-15708 CVE-2020-25637 CVE-2020-5267 SUSE-SU-2017:2212-1 SUSE-SU-2017:2217-1 SUSE-SU-2018:2975-2 SUSE-SU-2018:4237-1 SUSE-SU-2019:0466-1 SUSE-SU-2019:1684-1 SUSE-SU-2019:2454-1 SUSE-SU-2019:3050-1 SUSE-SU-2019:3347-1 SUSE-SU-2020:0954-1 SUSE-SU-2020:2134-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gnome-shell-3.26.2+20180130.0d9c74212-lp150.2 is installed OR gnome-shell-calendar-3.26.2+20180130.0d9c74212-lp150.2 is installed OR gnome-shell-lang-3.26.2+20180130.0d9c74212-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information nodejs8-8.16.1-lp151.2.6 is installed OR nodejs8-devel-8.16.1-lp151.2.6 is installed OR nodejs8-docs-8.16.1-lp151.2.6 is installed OR npm8-8.16.1-lp151.2.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information ghostscript-9.25-23.13 is installed OR ghostscript-x11-9.25-23.13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libXtst6-1.2.2-7 is installed OR libXtst6-32bit-1.2.2-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information postgresql96-9.6.15-3.29 is installed OR postgresql96-contrib-9.6.15-3.29 is installed OR postgresql96-docs-9.6.15-3.29 is installed OR postgresql96-libs-9.6.15-3.29 is installed OR postgresql96-plperl-9.6.15-3.29 is installed OR postgresql96-plpython-9.6.15-3.29 is installed OR postgresql96-pltcl-9.6.15-3.29 is installed OR postgresql96-server-9.6.15-3.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information MozillaFirefox-68.1.0-109.89 is installed OR MozillaFirefox-branding-SLE-68-32.8 is installed OR MozillaFirefox-translations-common-68.1.0-109.89 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND squid-3.5.21-26.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information qemu-2.9.1-6.22 is installed OR qemu-block-curl-2.9.1-6.22 is installed OR qemu-block-iscsi-2.9.1-6.22 is installed OR qemu-block-rbd-2.9.1-6.22 is installed OR qemu-block-ssh-2.9.1-6.22 is installed OR qemu-guest-agent-2.9.1-6.22 is installed OR qemu-ipxe-1.0.0+-6.22 is installed OR qemu-kvm-2.9.1-6.22 is installed OR qemu-lang-2.9.1-6.22 is installed OR qemu-seabios-1.10.2-6.22 is installed OR qemu-sgabios-8-6.22 is installed OR qemu-tools-2.9.1-6.22 is installed OR qemu-vgabios-1.10.2-6.22 is installed OR qemu-x86-2.9.1-6.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dovecot22-2.2.31-19.11 is installed OR dovecot22-backend-mysql-2.2.31-19.11 is installed OR dovecot22-backend-pgsql-2.2.31-19.11 is installed OR dovecot22-backend-sqlite-2.2.31-19.11 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libsqlite3-0-3.8.10.2-9.15 is installed OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed OR sqlite3-3.8.10.2-9.15 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information cobbler-2.6.6-49.26 is installed OR golang-github-prometheus-node_exporter-0.18.1-1.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information MozillaFirefox-68.3.0-109.98 is installed OR MozillaFirefox-translations-common-68.3.0-109.98 is installed
BACK