SUSE-SU-2019:2460-1 -- SLES ghostscriptID: oval:org.secpod.oval:def:89050779 | Date: (C)2023-10-16 (M)2023-10-15 |
Class: PATCH | Family: unix |
This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Server 15 SP1 |