Bugzilla – Bug 1106171
VUL-0: CVE-2018-15908: ghostscript,ghostscript-library: .tempfile file permission issues (699657)
Last modified: 2020-06-08 19:13:32 UTC
rh#1619756 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. References: https://bugzilla.redhat.com/show_bug.cgi?id=1619756 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15908 http://www.cvedetails.com/cve/CVE-2018-15908/ https://www.kb.cert.org/vuls/id/332928 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
Upstream fix: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d3901189f
SUSE-SU-2018:2975-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE OpenStack Cloud 7 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Enterprise Storage 4 (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2976-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): libspectre-0.2.8-3.2.1 SUSE Linux Enterprise Module for Basesystem 15 (src): ghostscript-9.25-3.6.1
openSUSE-SU-2018:3036-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 42.3 (src): ghostscript-9.25-14.9.1, ghostscript-mini-9.25-14.9.1
openSUSE-SU-2018:3038-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 15.0 (src): ghostscript-9.25-lp150.2.6.1, ghostscript-mini-9.25-lp150.2.6.1, libspectre-0.2.8-lp150.2.3.1
SUSE-SU-2018:2975-2: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2975-3: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): ghostscript-9.25-23.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released