SUSE-SU-2018:3330-1
Vulnerability Summary
Description
Security update for ghostscript-library

This update for ghostscript-library fixes the following issues:

- CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. (bsc#1107426)
- CVE-2018-16540: Attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. (bsc#1107420)
- CVE-2018-16541: Attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. (bsc#1107421)
- CVE-2018-16542: Attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. (bsc#1107413)
- CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. (bsc#1107410)
- CVE-2018-16513: Attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. (bsc#1107412)
- CVE-2018-15910: Attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. (bsc#1106173)
- CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (bsc#1050893)
Affected Systems
- suse ghostscript-library on SUSE Linux Enterprise Point of Sale 11 SP3: versions < 8.62-32.47.13.1
- suse ghostscript-library on SUSE Linux Enterprise Server 11 SP3-LTSS: versions < 8.62-32.47.13.1
- suse ghostscript-library on SUSE Linux Enterprise Server 11 SP3-TERADATA: versions < 8.62-32.47.13.1
- suse ghostscript-library on SUSE Linux Enterprise Server 11 SP4: versions < 8.62-32.47.13.1
- suse ghostscript-library on SUSE Linux Enterprise Server for SAP Applications 11 SP4: versions < 8.62-32.47.13.1
- suse ghostscript-library on SUSE Linux Enterprise Software Development Kit 11 SP4: versions < 8.62-32.47.13.1
References (17)
- https://www.suse.com/support/update/announcement/2018/suse-su-20183330-1/
- https://bugzilla.suse.com/1050893
- https://bugzilla.suse.com/1106173
- https://bugzilla.suse.com/1107410
- https://bugzilla.suse.com/1107412
- https://bugzilla.suse.com/1107413
- https://bugzilla.suse.com/1107420
- https://bugzilla.suse.com/1107421
- https://bugzilla.suse.com/1107426
- https://www.suse.com/security/cve/CVE-2017-9611
- https://www.suse.com/security/cve/CVE-2018-15910
- https://www.suse.com/security/cve/CVE-2018-16509
- https://www.suse.com/security/cve/CVE-2018-16511
- https://www.suse.com/security/cve/CVE-2018-16513
- https://www.suse.com/security/cve/CVE-2018-16540
- https://www.suse.com/security/cve/CVE-2018-16541
- https://www.suse.com/security/cve/CVE-2018-16542