Bug 1106171 (CVE-2018-15908) - VUL-0: CVE-2018-15908: ghostscript,ghostscript-library: .tempfile file permission issues (699657)
Summary: VUL-0: CVE-2018-15908: ghostscript,ghostscript-library: .tempfile file permis...
Status: RESOLVED FIXED
Alias: CVE-2018-15908
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/213373/
Whiteboard: CVSSv3:SUSE:CVE-2018-15908:7.3:(AV:N/...
Keywords:
Depends on:
Blocks: 1105464
  Show dependency treegraph
 
Reported: 2018-08-28 06:57 UTC by Alexander Bergmann
Modified: 2020-06-08 19:13 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-08-28 06:57:55 UTC
rh#1619756

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply
malicious PostScript files to bypass .tempfile restrictions and write files.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1619756
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15908
http://www.cvedetails.com/cve/CVE-2018-15908/
https://www.kb.cert.org/vuls/id/332928
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
Comment 1 Alexander Bergmann 2018-08-28 08:01:22 UTC
Upstream fix:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d3901189f
Comment 5 Swamp Workflow Management 2018-10-02 19:08:36 UTC
SUSE-SU-2018:2975-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
SUSE OpenStack Cloud 7 (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Server 12-LTSS (src):    ghostscript-9.25-23.13.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ghostscript-9.25-23.13.1
SUSE Enterprise Storage 4 (src):    ghostscript-9.25-23.13.1
Comment 6 Swamp Workflow Management 2018-10-02 19:11:05 UTC
SUSE-SU-2018:2976-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    libspectre-0.2.8-3.2.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    ghostscript-9.25-3.6.1
Comment 7 Swamp Workflow Management 2018-10-05 19:10:40 UTC
openSUSE-SU-2018:3036-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
openSUSE Leap 42.3 (src):    ghostscript-9.25-14.9.1, ghostscript-mini-9.25-14.9.1
Comment 8 Swamp Workflow Management 2018-10-05 19:13:29 UTC
openSUSE-SU-2018:3038-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
openSUSE Leap 15.0 (src):    ghostscript-9.25-lp150.2.6.1, ghostscript-mini-9.25-lp150.2.6.1, libspectre-0.2.8-lp150.2.3.1
Comment 9 Swamp Workflow Management 2018-10-18 18:00:36 UTC
SUSE-SU-2018:2975-2: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    ghostscript-9.25-23.13.1
Comment 10 Swamp Workflow Management 2019-04-27 22:41:12 UTC
SUSE-SU-2018:2975-3: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105
CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    ghostscript-9.25-23.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Marcus Meissner 2020-01-28 07:16:10 UTC
released