|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2020-36773: ghostscript,ghostscript-library: out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | jsmeix, meissner, thomas.leroy |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/392984/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2020-36773:8.1:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2024-02-05 08:34:16 UTC
ghostscript-library is not affected. SUSE:ALP:Source:Standard:1.0/ghostscript is already fixed, and we already have submissions for SUSE:SLE-12:Update/ghostscript and SUSE:SLE-15:Update/ghostscript. Johannes, could you please add this CVE in the changlogs in you next submission for SUSE:SLE-12:Update/ghostscript and SUSE:SLE-15:Update/ghostscript? Thomas Leroy, yes, in theory I can add this CVE to the RPM changlog entry but I fear in practice I may too easily miss this issue here in particular when my focus of mind is on something different (like fixing another security bug in Ghostscript). Is it perhaps somehow possible to set some kind of reminder or some dependency in bugzilla that this issue here needs also be done when a future issue for Ghostscript appears? (A dependency to future issues looks impossible to me.) SUSE-SU-2024:0921-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1219357, 1219554 CVE References: CVE-2020-36773 Maintenance Incident: [SUSE:Maintenance:32543](https://smelt.suse.de/incident/32543/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise Server 12 SP5 (src): ghostscript-9.52-23.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ghostscript-9.52-23.71.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2024:0920-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1219357, 1219554 CVE References: CVE-2020-36773 Maintenance Incident: [SUSE:Maintenance:32541](https://smelt.suse.de/incident/32541/) Sources used: openSUSE Leap 15.5 (src): ghostscript-9.52-150000.185.1 Basesystem Module 15-SP5 (src): ghostscript-9.52-150000.185.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. All done, closing. |