Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
patchinfo.9621
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.9621
<patchinfo incident="9621"> <issue tracker="bnc" id="1109105">VUL-0: CVE-2018-17183: ghostscript,ghostscript-library: remote attackers could be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code</issue> <issue tracker="bnc" id="1117331">VUL-0: ghostscript: update to version 9.26</issue> <issue tracker="bnc" id="1117327">VUL-0: CVE-2018-19475: ghostscript,ghostscript-library: psi/zdevice2.c allows attackers to bypass intended access restrictions</issue> <issue tracker="bnc" id="1117274">VUL-0: CVE-2018-19477: ghostscript,ghostscript-library: psi/zfjbig2.c allows attackers to bypass intended access restrictions because of a JBIG2Decode type confusion</issue> <issue tracker="bnc" id="1117313">VUL-0: CVE-2018-19476: ghostscript,ghostscript-library: psi/zicc.c allows attackers to bypass intended access restrictions because of a setcolorspace type confusion</issue> <issue tracker="bnc" id="1111479">VUL-0: CVE-2018-17961: ghostscript,ghostscript-library: bypassing executeonly to escape -dSAFER sandbox</issue> <issue tracker="bnc" id="1117022">VUL-0: CVE-2018-19409: ghostscript,ghostscript-library: LockSafetyParams is not checked correctly if another device is used</issue> <issue tracker="bnc" id="1111480">VUL-0: CVE-2018-18073: ghostscript,ghostscript-library: saved execution stacks can leak operator arrays</issue> <issue tracker="bnc" id="1112229">VUL-0: CVE-2018-18284: ghostscript,ghostscript-library: 1Policy operator gives access to .forceput</issue> <issue tracker="cve" id="2018-18284"/> <issue tracker="cve" id="2018-18073"/> <issue tracker="cve" id="2018-17961"/> <issue tracker="cve" id="2018-19477"/> <issue tracker="cve" id="2018-19476"/> <issue tracker="cve" id="2018-19475"/> <issue tracker="cve" id="2018-17183"/> <issue tracker="cve" id="2018-19409"/> <category>security</category> <rating>important</rating> <packager>msmeissn</packager> <description>This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm </description> <summary>Security update for ghostscript</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor