| Description: | Summary:
The remote host is missing an update for the 'ghostscript' package(s) announced via the SUSE-SU-2019:2460-1 advisory.
Vulnerability Insight:
This update for ghostscript fixes the following issues:
Security issues fixed:
CVE-2019-3835: Fixed an unauthorized file system access caused by an
available superexec operator. (bsc#1129180)
CVE-2019-3839: Fixed an unauthorized file system access caused by
available privileged operators. (bsc#1134156)
CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG
function opj_t1_encode_cblks. (bsc#1140359)
CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator. (bsc#1146882)
CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in
setuserparams. (bsc#1146882)
CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in
setsystemparams. (bsc#1146882)
CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in
.pdfexectoken and other procedures. (bsc#1146884)
Affected Software/OS:
'ghostscript' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
