Bugzilla – Bug 1106172
VUL-0: CVE-2018-15909: ghostscript,ghostscript-library: shading_param incomplete type checking (699660)
Last modified: 2020-06-08 19:13:35 UTC
rh#1621361 In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. References: https://bugzilla.redhat.com/show_bug.cgi?id=1621361 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15909 http://www.cvedetails.com/cve/CVE-2018-15909/ http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
This patch is also required: http://git.ghostscript.com/?p=ghostpdl.git;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
SUSE-SU-2018:2975-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE OpenStack Cloud 7 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Server 12-LTSS (src): ghostscript-9.25-23.13.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ghostscript-9.25-23.13.1 SUSE Enterprise Storage 4 (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2976-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): libspectre-0.2.8-3.2.1 SUSE Linux Enterprise Module for Basesystem 15 (src): ghostscript-9.25-3.6.1
openSUSE-SU-2018:3036-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 42.3 (src): ghostscript-9.25-14.9.1, ghostscript-mini-9.25-14.9.1
openSUSE-SU-2018:3038-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: openSUSE Leap 15.0 (src): ghostscript-9.25-lp150.2.6.1, ghostscript-mini-9.25-lp150.2.6.1, libspectre-0.2.8-lp150.2.3.1
SUSE-SU-2018:2975-2: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): ghostscript-9.25-23.13.1
SUSE-SU-2018:2975-3: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105 CVE References: CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): ghostscript-9.25-23.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
reelased