SUSE-SU-2016:2493-1 -- SLES ghostscript-library, ghostscript-fonts-other, ghostscript-fonts-rus, ghostscript-fonts-std, ghostscript-omni, ghostscript-x11, libgimpprintID: oval:org.secpod.oval:def:89045353 | Date: (C)2021-08-03 (M)2021-11-15 |
Class: PATCH | Family: unix |
This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript"s -dsafer flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. - Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. - An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service via specially crafted Postscript files
Platform: |
SUSE Linux Enterprise Server 11 SP4 |
Product: |
ghostscript-library |
ghostscript-fonts-other |
ghostscript-fonts-rus |
ghostscript-fonts-std |
ghostscript-omni |
ghostscript-x11 |
libgimpprint |