Security update for ghostscript SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:4087-1 Final 1 1 2018-12-12T12:37:52Z current 2018-12-12T12:37:52Z 2018-12-12T12:37:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ghostscript This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Basesystem-15-2018-2914,SUSE-SLE-Module-Desktop-Applications-15-2018-2914,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2914 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ Link for SUSE-SU-2018:4087-1 https://lists.suse.com/pipermail/sle-security-updates/2018-December/004956.html E-Mail link for SUSE-SU-2018:4087-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117274 SUSE Bug 1117274 https://bugzilla.suse.com/1117313 SUSE Bug 1117313 https://bugzilla.suse.com/1117327 SUSE Bug 1117327 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://www.suse.com/security/cve/CVE-2018-17183/ SUSE CVE CVE-2018-17183 page https://www.suse.com/security/cve/CVE-2018-17961/ SUSE CVE CVE-2018-17961 page https://www.suse.com/security/cve/CVE-2018-18073/ SUSE CVE CVE-2018-18073 page https://www.suse.com/security/cve/CVE-2018-18284/ SUSE CVE CVE-2018-18284 page https://www.suse.com/security/cve/CVE-2018-19409/ SUSE CVE CVE-2018-19409 page https://www.suse.com/security/cve/CVE-2018-19475/ SUSE CVE CVE-2018-19475 page https://www.suse.com/security/cve/CVE-2018-19476/ SUSE CVE CVE-2018-19476 page https://www.suse.com/security/cve/CVE-2018-19477/ SUSE CVE CVE-2018-19477 page SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Desktop Applications 15 ghostscript-9.26-3.9.4 ghostscript-devel-9.26-3.9.4 ghostscript-x11-9.26-3.9.4 libspectre-devel-0.2.8-3.4.3 libspectre1-0.2.8-3.4.3 ghostscript-9.26-3.9.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 ghostscript-devel-9.26-3.9.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 ghostscript-x11-9.26-3.9.4 as a component of SUSE Linux Enterprise Module for Basesystem 15 libspectre-devel-0.2.8-3.4.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 libspectre1-0.2.8-3.4.3 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. CVE-2018-17183 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-17183.html CVE-2018-17183 https://bugzilla.suse.com/1108027 SUSE Bug 1108027 https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://bugzilla.suse.com/1118455 SUSE Bug 1118455 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. CVE-2018-17961 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-17961.html CVE-2018-17961 https://bugzilla.suse.com/1108027 SUSE Bug 1108027 https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://bugzilla.suse.com/1118455 SUSE Bug 1118455 https://bugzilla.suse.com/1129180 SUSE Bug 1129180 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. CVE-2018-18073 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-18073.html CVE-2018-18073 https://bugzilla.suse.com/1108027 SUSE Bug 1108027 https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://bugzilla.suse.com/1118455 SUSE Bug 1118455 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-18284 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-18284.html CVE-2018-18284 https://bugzilla.suse.com/1108027 SUSE Bug 1108027 https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://bugzilla.suse.com/1118455 SUSE Bug 1118455 https://bugzilla.suse.com/1144621 SUSE Bug 1144621 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. CVE-2018-19409 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-19409.html CVE-2018-19409 https://bugzilla.suse.com/1108027 SUSE Bug 1108027 https://bugzilla.suse.com/1109105 SUSE Bug 1109105 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1111480 SUSE Bug 1111480 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 https://bugzilla.suse.com/1118455 SUSE Bug 1118455 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. CVE-2018-19475 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-19475.html CVE-2018-19475 https://bugzilla.suse.com/1117327 SUSE Bug 1117327 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. CVE-2018-19476 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-19476.html CVE-2018-19476 https://bugzilla.suse.com/1117313 SUSE Bug 1117313 https://bugzilla.suse.com/1117331 SUSE Bug 1117331 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. CVE-2018-19477 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26-3.9.4 SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26-3.9.4 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.4.3 SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.4.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20184087-1/ https://www.suse.com/security/cve/CVE-2018-19477.html CVE-2018-19477 https://bugzilla.suse.com/1117274 SUSE Bug 1117274 https://bugzilla.suse.com/1117331 SUSE Bug 1117331