Oval Definition:oval:org.opensuse.security:def:88624
Revision Date:2018-12-12Version:1
Title:Security update for ghostscript (Important)
Description:

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

- Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm
Family:unixClass:patch
Status:Reference(s):1109105
1111479
1111480
1112229
1117022
1117274
1117313
1117327
1117331
CVE-2018-17183
CVE-2018-17961
CVE-2018-18073
CVE-2018-18284
CVE-2018-19409
CVE-2018-19475
CVE-2018-19476
CVE-2018-19477
SUSE-SU-2018:4090-1
Platform(s):SUSE Linux Enterprise Server 12 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • ghostscript-9.26-23.16.1 is installed
  • OR ghostscript-x11-9.26-23.16.1 is installed
  • OR libspectre1-0.2.7-12.4.1 is installed
  • BACK