Bug 1215466 (CVE-2023-43115)

Summary: VUL-0: CVE-2023-43115: ghostscript-library,ghostscript: remote code execution via crafted PostScript documents in gdevijs.c
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: ali.abdallah, jsmeix, meissner, rfrohl, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/379039/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1217554
https://bugzilla.suse.com/show_bug.cgi?id=1217601
Whiteboard: CVSSv3.1:SUSE:CVE-2023-43115:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2023-09-19 06:30:30 UTC 
CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS
server).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115
https://www.cve.org/CVERecord?id=CVE-2023-43115
https://bugs.ghostscript.com/show_bug.cgi?id=707051
https://ghostscript.com/
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
Comment 11 Johannes Meixner 2023-09-20 07:21:37 UTC 
Fixed in OBS Printing and forwarded to openSUSE:Factory
--------------------------------------------------------------
# osc request accept -m "Security fix CVE-2023-43115 \
 bsc#1215466 for ghostscript and ghostscript-mini" 1112466

Result of change request state: ok
openSUSE:Factory 
Forward this submit to it? ([y]/n)y
Security fix CVE-2023-43115 bsc#1215466
 for ghostscript and ghostscript-mini
 (forwarded request 1112466 from jsmeix)
New request # 1112467
--------------------------------------------------------------
Comment 12 OBSbugzilla Bot 2023-09-20 07:45:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1215466) was mentioned in
https://build.opensuse.org/request/show/1112467 Factory / ghostscript
Comment 17 Maintenance Automation 2023-10-03 12:30:04 UTC 
SUSE-SU-2023:3938-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215466
CVE References: CVE-2023-43115
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Server 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ghostscript-9.52-23.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2023-10-05 12:29:12 UTC 
SUSE-SU-2023:3984-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215466
CVE References: CVE-2023-43115
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Manager Proxy 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Manager Retail Branch Server 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Manager Server 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Enterprise Storage 7.1 (src): ghostscript-9.52-150000.173.2
SUSE CaaS Platform 4.0 (src): ghostscript-9.52-150000.173.2
openSUSE Leap 15.4 (src): ghostscript-9.52-150000.173.2
openSUSE Leap 15.5 (src): ghostscript-9.52-150000.173.2
Basesystem Module 15-SP4 (src): ghostscript-9.52-150000.173.2
Basesystem Module 15-SP5 (src): ghostscript-9.52-150000.173.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.