SUSE-SU-2018:4090-1 -- SLES ghostscriptID: oval:org.secpod.oval:def:89002415 | Date: (C)2021-02-25 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP4 |