Bug 1215466 (CVE-2023-43115) - VUL-0: CVE-2023-43115: ghostscript-library,ghostscript: remote code execution via crafted PostScript documents in gdevijs.c
Summary: VUL-0: CVE-2023-43115: ghostscript-library,ghostscript: remote code execution...
Status: RESOLVED FIXED
Alias: CVE-2023-43115
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/379039/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-43115:8.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-19 06:30 UTC by Robert Frohl
Modified: 2024-03-19 13:08 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2023-09-19 06:30:30 UTC 
CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS
server).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115
https://www.cve.org/CVERecord?id=CVE-2023-43115
https://bugs.ghostscript.com/show_bug.cgi?id=707051
https://ghostscript.com/
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
Comment 11 Johannes Meixner 2023-09-20 07:21:37 UTC 
Fixed in OBS Printing and forwarded to openSUSE:Factory
--------------------------------------------------------------
# osc request accept -m "Security fix CVE-2023-43115 \
 bsc#1215466 for ghostscript and ghostscript-mini" 1112466

Result of change request state: ok
openSUSE:Factory 
Forward this submit to it? ([y]/n)y
Security fix CVE-2023-43115 bsc#1215466
 for ghostscript and ghostscript-mini
 (forwarded request 1112466 from jsmeix)
New request # 1112467
--------------------------------------------------------------
Comment 12 OBSbugzilla Bot 2023-09-20 07:45:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1215466) was mentioned in
https://build.opensuse.org/request/show/1112467 Factory / ghostscript
Comment 17 Maintenance Automation 2023-10-03 12:30:04 UTC 
SUSE-SU-2023:3938-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215466
CVE References: CVE-2023-43115
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Server 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ghostscript-9.52-23.60.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ghostscript-9.52-23.60.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Maintenance Automation 2023-10-05 12:29:12 UTC 
SUSE-SU-2023:3984-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215466
CVE References: CVE-2023-43115
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): ghostscript-9.52-150000.173.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): ghostscript-9.52-150000.173.2
SUSE Manager Proxy 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Manager Retail Branch Server 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Manager Server 4.2 (src): ghostscript-9.52-150000.173.2
SUSE Enterprise Storage 7.1 (src): ghostscript-9.52-150000.173.2
SUSE CaaS Platform 4.0 (src): ghostscript-9.52-150000.173.2
openSUSE Leap 15.4 (src): ghostscript-9.52-150000.173.2
openSUSE Leap 15.5 (src): ghostscript-9.52-150000.173.2
Basesystem Module 15-SP4 (src): ghostscript-9.52-150000.173.2
Basesystem Module 15-SP5 (src): ghostscript-9.52-150000.173.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.