Bugzilla – Bug 1107411
VUL-0: CVE-2018-16510: ghostscript,ghostscript-library: Incorrect exec stack handling in the "CS" and "SC" PDF primitives (699671)
Last modified: 2019-05-13 22:38:49 UTC
rh#1625836 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. References: https://bugzilla.redhat.com/show_bug.cgi?id=1625836 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16510 http://openwall.com/lists/oss-security/2018/08/27/4 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
SUSE-SU-2018:2975-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE OpenStack Cloud 7 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Enterprise Storage 4 (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2976-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): libspectre-0.2.8-3.2.1 SUSE Linux Enterprise Module for Basesystem 15 (src): ghostscript-9.25-3.6.1
openSUSE-SU-2018:3036-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 42.3 (src): ghostscript-9.25-14.9.1, ghostscript-mini-9.25-14.9.1
openSUSE-SU-2018:3038-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 15.0 (src): ghostscript-9.25-lp150.2.6.1, ghostscript-mini-9.25-lp150.2.6.1, libspectre-0.2.8-lp150.2.3.1
SUSE-SU-2018:2975-2: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2975-3: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): ghostscript-9.25-23.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SLE10 and SLE 11 are not affected. The rest codestream are all fixed