Security update for ghostscript SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1119-1 Final 1 1 2019-04-02T11:05:39Z current 2019-04-02T11:05:39Z 2019-04-02T11:05:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ghostscript This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html E-Mail link for openSUSE-SU-2019:1119-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ghostscript-9.26a-14.18.1 ghostscript-devel-9.26a-14.18.1 ghostscript-mini-9.26a-14.18.1 ghostscript-mini-devel-9.26a-14.18.1 ghostscript-x11-9.26a-14.18.1 ghostscript-9.26a-14.18.1 as a component of openSUSE Leap 42.3 ghostscript-devel-9.26a-14.18.1 as a component of openSUSE Leap 42.3 ghostscript-mini-9.26a-14.18.1 as a component of openSUSE Leap 42.3 ghostscript-mini-devel-9.26a-14.18.1 as a component of openSUSE Leap 42.3 ghostscript-x11-9.26a-14.18.1 as a component of openSUSE Leap 42.3 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3838 openSUSE Leap 42.3:ghostscript-9.26a-14.18.1 openSUSE Leap 42.3:ghostscript-devel-9.26a-14.18.1 openSUSE Leap 42.3:ghostscript-mini-9.26a-14.18.1 openSUSE Leap 42.3:ghostscript-mini-devel-9.26a-14.18.1 openSUSE Leap 42.3:ghostscript-x11-9.26a-14.18.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html https://www.suse.com/security/cve/CVE-2019-3838.html CVE-2019-3838 https://bugzilla.suse.com/1018128 SUSE Bug 1018128 https://bugzilla.suse.com/1030263 SUSE Bug 1030263 https://bugzilla.suse.com/1032135 SUSE Bug 1032135 https://bugzilla.suse.com/1038835 SUSE Bug 1038835 https://bugzilla.suse.com/1050888 SUSE Bug 1050888 https://bugzilla.suse.com/1050889 SUSE Bug 1050889 https://bugzilla.suse.com/1106171 SUSE Bug 1106171 https://bugzilla.suse.com/1106172 SUSE Bug 1106172 https://bugzilla.suse.com/1106173 SUSE Bug 1106173 https://bugzilla.suse.com/1107422 SUSE Bug 1107422 https://bugzilla.suse.com/1107423 SUSE Bug 1107423 https://bugzilla.suse.com/1107581 SUSE Bug 1107581 https://bugzilla.suse.com/1111479 SUSE Bug 1111479 https://bugzilla.suse.com/1112229 SUSE Bug 1112229 https://bugzilla.suse.com/1114495 SUSE Bug 1114495 https://bugzilla.suse.com/1117022 SUSE Bug 1117022 https://bugzilla.suse.com/1117327 SUSE Bug 1117327 https://bugzilla.suse.com/1118318 SUSE Bug 1118318 https://bugzilla.suse.com/1129180 SUSE Bug 1129180 https://bugzilla.suse.com/1129186 SUSE Bug 1129186 https://bugzilla.suse.com/1136756 SUSE Bug 1136756