SUSE-SU-2018:2975-2: important: Security update for ghostscript

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Oct 18 12:00:16 MDT 2018


   SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2975-2
Rating:             important
References:         #1106171 #1106172 #1106173 #1106195 #1107410 
                    #1107411 #1107412 #1107413 #1107420 #1107421 
                    #1107422 #1107423 #1107426 #1107581 #1108027 
                    #1109105 
Cross-References:   CVE-2018-15908 CVE-2018-15909 CVE-2018-15910
                    CVE-2018-15911 CVE-2018-16509 CVE-2018-16510
                    CVE-2018-16511 CVE-2018-16513 CVE-2018-16539
                    CVE-2018-16540 CVE-2018-16541 CVE-2018-16542
                    CVE-2018-16543 CVE-2018-16585 CVE-2018-16802
                    CVE-2018-17183
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for ghostscript to version 9.25 fixes the following issues:

   These security issues were fixed:

   - CVE-2018-17183: Remote attackers were be able to supply crafted
     PostScript to potentially overwrite or replace error handlers to inject
     code (bsc#1109105)
   - CVE-2018-15909: Prevent type confusion using the .shfill operator that
     could have been used by attackers able to supply crafted PostScript
     files to crash the interpreter or potentially execute code (bsc#1106172).
   - CVE-2018-15908: Prevent attackers that are able to supply malicious
     PostScript files to bypass .tempfile restrictions and write files
     (bsc#1106171).
   - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams
     parameter that could have been used to crash the interpreter or execute
     code (bsc#1106173).
   - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode
     operator that could have been used to crash the interpreter or
      potentially execute code (bsc#1106195).
   - CVE-2018-16513: Prevent a type confusion in the setcolor function that
     could have been used to crash the interpreter or possibly have
     unspecified other impact (bsc#1107412).
   - CVE-2018-16509: Incorrect "restoration of privilege" checking during
     handling
     of /invalidaccess exceptions could be have been used by attackers able
      to supply crafted PostScript to execute code using the "pipe"
      instruction (bsc#1107410).
   - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF
     primitives could have been used by remote attackers able to supply
     crafted PDFs to crash the interpreter or possibly have unspecified other
     impact (bsc#1107411).
   - CVE-2018-16542: Prevent attackers able to supply crafted PostScript
     files from using insufficient interpreter stack-size checking during
     error handling to crash the interpreter (bsc#1107413).
   - CVE-2018-16541: Prevent attackers able to supply crafted PostScript
     files from using incorrect free logic in pagedevice replacement to crash
     the interpreter (bsc#1107421).
   - CVE-2018-16540: Prevent use-after-free in copydevice handling that could
     have been used to crash the interpreter or possibly have unspecified
     other impact (bsc#1107420).
   - CVE-2018-16539: Prevent attackers able to supply crafted PostScript
     files from using incorrect access checking in temp file handling to
     disclose contents
     of files on the system otherwise not readable (bsc#1107422).
   - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to
     have an unspecified impact (bsc#1107423).
   - CVE-2018-16511: A type confusion in "ztype" could have been used by
     remote attackers able to supply crafted PostScript to crash the
     interpreter or possibly have unspecified other impact (bsc#1107426).
   - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted
     even though it is not intended for use during document processing (e.g.,
     after the startup phase). This lead to memory corruption, allowing
     remote attackers able to supply crafted PostScript to crash the
     interpreter or possibly have unspecified other impact (bsc#1107581).
   - CVE-2018-16802: Incorrect "restoration of privilege" checking when
     running
     out of stack during exception handling could have been used by attackers
      able to supply crafted PostScript to execute code using the "pipe"
      instruction. This is due to an incomplete fix for CVE-2018-16509
      (bsc#1108027).

   These non-security issues were fixed:

   * Fixes problems with argument handling, some unintended results of the
     security fixes to the SAFER file access restrictions (specifically
     accessing ICC profile files).
   * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--'

   For additional changes please check
   http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the
   package.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2121=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      ghostscript-9.25-23.13.1
      ghostscript-debuginfo-9.25-23.13.1
      ghostscript-debugsource-9.25-23.13.1
      ghostscript-x11-9.25-23.13.1
      ghostscript-x11-debuginfo-9.25-23.13.1


References:

   https://www.suse.com/security/cve/CVE-2018-15908.html
   https://www.suse.com/security/cve/CVE-2018-15909.html
   https://www.suse.com/security/cve/CVE-2018-15910.html
   https://www.suse.com/security/cve/CVE-2018-15911.html
   https://www.suse.com/security/cve/CVE-2018-16509.html
   https://www.suse.com/security/cve/CVE-2018-16510.html
   https://www.suse.com/security/cve/CVE-2018-16511.html
   https://www.suse.com/security/cve/CVE-2018-16513.html
   https://www.suse.com/security/cve/CVE-2018-16539.html
   https://www.suse.com/security/cve/CVE-2018-16540.html
   https://www.suse.com/security/cve/CVE-2018-16541.html
   https://www.suse.com/security/cve/CVE-2018-16542.html
   https://www.suse.com/security/cve/CVE-2018-16543.html
   https://www.suse.com/security/cve/CVE-2018-16585.html
   https://www.suse.com/security/cve/CVE-2018-16802.html
   https://www.suse.com/security/cve/CVE-2018-17183.html
   https://bugzilla.suse.com/1106171
   https://bugzilla.suse.com/1106172
   https://bugzilla.suse.com/1106173
   https://bugzilla.suse.com/1106195
   https://bugzilla.suse.com/1107410
   https://bugzilla.suse.com/1107411
   https://bugzilla.suse.com/1107412
   https://bugzilla.suse.com/1107413
   https://bugzilla.suse.com/1107420
   https://bugzilla.suse.com/1107421
   https://bugzilla.suse.com/1107422
   https://bugzilla.suse.com/1107423
   https://bugzilla.suse.com/1107426
   https://bugzilla.suse.com/1107581
   https://bugzilla.suse.com/1108027
   https://bugzilla.suse.com/1109105



More information about the sle-security-updates mailing list