Bugzilla – Bug 1129180
VUL-1: CVE-2019-3835: ghostscript,ghostscript-library: superexec operator is available
Last modified: 2020-06-08 19:14:20 UTC
iw now public 1- CVE-2019-3835 ghostscript: superexec operator is available It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. This one is considered particularly Important because it can be easily triggered inside popular Linux PostScript viewers, or embedded in a PDF when read by the `gs` command, and could be used to modify the content of bashrc. Upstream fixes: * Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 * Bug 700585: Obliterate "superexec". We don't need it, nor do any known apps. http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6 Upstream bug report (currently restricted) : https://bugs.ghostscript.com/show_bug.cgi?id=700585 Note: The only important fix is the second one, d683d1e6, the other one is only a dependency. To test if you are affected (on recent ghostscript, starting from gs-9.22 [starting from commit 8556b698892]): $ gs -dSAFER -dNODISPLAY GS> 1183615869 internaldict /superexec known { (VULNERABLE\n) } { (SAFE\n) } ifelse print On versions older than 9.22, this would be sufficient : GS> /superexec where { (VULNERABLE\n) } { (SAFE\n) } ifelse print
SUSE-SU-2019:2460-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1129180,1129186,1134156,1140359,1146882,1146884 CVE References: CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ghostscript-mini-9.27-3.21.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): ghostscript-mini-9.27-3.21.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ghostscript-9.27-3.21.1 SUSE Linux Enterprise Module for Basesystem 15 (src): ghostscript-9.27-3.21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2478-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1129180,1131863,1134156,1140359,1146882,1146884 CVE References: CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): ghostscript-9.27-23.28.1 SUSE OpenStack Cloud 8 (src): ghostscript-9.27-23.28.1 SUSE OpenStack Cloud 7 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP5 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP4 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Desktop 12-SP5 (src): ghostscript-9.27-23.28.1 SUSE Linux Enterprise Desktop 12-SP4 (src): ghostscript-9.27-23.28.1 SUSE Enterprise Storage 5 (src): ghostscript-9.27-23.28.1 SUSE Enterprise Storage 4 (src): ghostscript-9.27-23.28.1 HPE Helion Openstack 8 (src): ghostscript-9.27-23.28.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2223-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1129180,1129186,1134156,1140359,1146882,1146884 CVE References: CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839 Sources used: openSUSE Leap 15.1 (src): ghostscript-9.27-lp151.3.6.1, ghostscript-mini-9.27-lp151.3.6.1
openSUSE-SU-2019:2222-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1129180,1129186,1134156,1140359,1146882,1146884 CVE References: CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839 Sources used: openSUSE Leap 15.0 (src): ghostscript-9.27-lp150.2.23.1, ghostscript-mini-9.27-lp150.2.23.1
released