Security update for ghostscript (important)

2019-09-30T21:15:04
ID OPENSUSE-SU-2019:2223-1
Type suse
Reporter Suse
Modified 2019-09-30T21:15:04

Description

This update for ghostscript fixes the following issues:

Security issues fixed:

  • CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
  • CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
  • CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
  • CVE-2019-14811: Fixed a SAFER mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
  • CVE-2019-14812: Fixed a SAFER mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
  • CVE-2019-14813: Fixed a SAFER mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
  • CVE-2019-14817: Fixed a SAFER mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)

This update was imported from the SUSE:SLE-15:Update update project.