Bug 1118318 - (CVE-2018-16863) VUL-0: CVE-2018-16863: ghostscript,ghostscript-library: incomplete fix for CVE-2018-16509
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/220073/
CVSSv3:SUSE:CVE-2018-16863:7.3:(AV:N...
Reported: 2018-12-04 12:10 UTC by Robert Frohl
Modified: 2020-06-16 22:09 UTC

Found By: Security Response Team
Comment 1 Robert Frohl 2018-12-04 15:34:59 UTC
SLE-12 and SLE-15 are not affected as we ship ghostscript version >= 9.25
Comment 2 Robert Frohl 2018-12-05 09:31:48 UTC
Hi Johannes,
I believe we have the same issue as Red Hat. We missed this commit [0] because it was added 4 days after the first three.

Only SLE10 and SLE11 are affected.

[0] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519
Comment 5 Johannes Meixner 2019-04-24 08:31:01 UTC
SUSE:SLE-12:GA was affected where we had Ghostscript version 9.15 and
SUSE:SLE-15:GA was affected where we had Ghostscript version 9.23.
This is fixed in SUSE:SLE-12:Update and SUSE:SLE-15:Update
where we did a Ghostscript version upgrade to 9.26a,
but "CVE-2018-16863" is not mentioned in our ghostscript.changes file.
Comment 8 Marcus Meissner 2020-01-28 07:27:12 UTC
released