Security update for ghostscript SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2223-1 Final 1 1 2019-09-30T14:23:09Z current 2019-09-30T14:23:09Z 2019-09-30T14:23:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ghostscript This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2223 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ E-Mail link for openSUSE-SU-2019:2223-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1129180 SUSE Bug 1129180 https://bugzilla.suse.com/1129186 SUSE Bug 1129186 https://bugzilla.suse.com/1134156 SUSE Bug 1134156 https://bugzilla.suse.com/1140359 SUSE Bug 1140359 https://bugzilla.suse.com/1146882 SUSE Bug 1146882 https://bugzilla.suse.com/1146884 SUSE Bug 1146884 https://www.suse.com/security/cve/CVE-2019-12973/ SUSE CVE CVE-2019-12973 page https://www.suse.com/security/cve/CVE-2019-14811/ SUSE CVE CVE-2019-14811 page https://www.suse.com/security/cve/CVE-2019-14812/ SUSE CVE CVE-2019-14812 page https://www.suse.com/security/cve/CVE-2019-14813/ SUSE CVE CVE-2019-14813 page https://www.suse.com/security/cve/CVE-2019-14817/ SUSE CVE CVE-2019-14817 page https://www.suse.com/security/cve/CVE-2019-3835/ SUSE CVE CVE-2019-3835 page https://www.suse.com/security/cve/CVE-2019-3839/ SUSE CVE CVE-2019-3839 page openSUSE Leap 15.1 ghostscript-9.27-lp151.3.6.1 ghostscript-devel-9.27-lp151.3.6.1 ghostscript-mini-9.27-lp151.3.6.1 ghostscript-mini-devel-9.27-lp151.3.6.1 ghostscript-x11-9.27-lp151.3.6.1 ghostscript-9.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 ghostscript-devel-9.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 ghostscript-mini-9.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 ghostscript-mini-devel-9.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 ghostscript-x11-9.27-lp151.3.6.1 as a component of openSUSE Leap 15.1 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. CVE-2019-12973 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-12973.html CVE-2019-12973 https://bugzilla.suse.com/1140359 SUSE Bug 1140359 A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVE-2019-14811 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-14811.html CVE-2019-14811 https://bugzilla.suse.com/1146882 SUSE Bug 1146882 A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVE-2019-14812 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-14812.html CVE-2019-14812 https://bugzilla.suse.com/1146882 SUSE Bug 1146882 A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVE-2019-14813 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-14813.html CVE-2019-14813 https://bugzilla.suse.com/1146882 SUSE Bug 1146882 A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. CVE-2019-14817 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-14817.html CVE-2019-14817 https://bugzilla.suse.com/1146882 SUSE Bug 1146882 https://bugzilla.suse.com/1146884 SUSE Bug 1146884 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-3835.html CVE-2019-3835 https://bugzilla.suse.com/1129180 SUSE Bug 1129180 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. CVE-2019-3839 openSUSE Leap 15.1:ghostscript-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-mini-devel-9.27-lp151.3.6.1 openSUSE Leap 15.1:ghostscript-x11-9.27-lp151.3.6.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ https://www.suse.com/security/cve/CVE-2019-3839.html CVE-2019-3839 https://bugzilla.suse.com/1134156 SUSE Bug 1134156