Security update for ghostscript (important)

2018-12-15T12:10:58
ID OPENSUSE-SU-2018:4138-1
Type suse
Reporter Suse
Modified 2018-12-15T12:10:58

Description

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

  • CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
  • CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
  • CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
  • CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
  • CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
  • CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
  • CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
  • CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

  • Security issues have been the primary focus
  • Minor bug fixes and improvements
  • For release summary see: <a rel="nofollow" href="http://www.ghostscript.com/doc/9.26/News.htm">http://www.ghostscript.com/doc/9.26/News.htm</a>

This update was imported from the SUSE:SLE-15:Update update project.