what you don't know can hurt you

Red Hat Security Advisory 2019-2591-01

Red Hat Security Advisory 2019-2591-01
Posted Sep 2, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2591-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
MD5 | 045093bbfcbd3409dc5e5e12f0dde7c0

Red Hat Security Advisory 2019-2591-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: ghostscript security update
Advisory ID: RHSA-2019:2591-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2591
Issue date: 2019-09-02
CVE Names: CVE-2019-14811 CVE-2019-14812 CVE-2019-14813
CVE-2019-14817
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

* ghostscript: Safer mode bypass by .forceput exposure in setuserparams
(701444) (CVE-2019-14812)

* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams
(701443) (CVE-2019-14813)

* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and
other procedures (701450) (CVE-2019-14817)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1743737 - CVE-2019-14813 ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
1743754 - CVE-2019-14812 ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
1743757 - CVE-2019-14811 ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
1744042 - CVE-2019-14817 ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
ghostscript-9.25-2.el8_0.3.src.rpm

aarch64:
ghostscript-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-9.25-2.el8_0.3.aarch64.rpm
libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm

ppc64le:
ghostscript-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-9.25-2.el8_0.3.ppc64le.rpm
libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm

s390x:
ghostscript-9.25-2.el8_0.3.s390x.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-9.25-2.el8_0.3.s390x.rpm
libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm

x86_64:
ghostscript-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm
ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-9.25-2.el8_0.3.i686.rpm
libgs-9.25-2.el8_0.3.x86_64.rpm
libgs-debuginfo-9.25-2.el8_0.3.i686.rpm
libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
ghostscript-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.aarch64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.aarch64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-9.25-2.el8_0.3.aarch64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-debuginfo-9.25-2.el8_0.3.aarch64.rpm
libgs-devel-9.25-2.el8_0.3.aarch64.rpm

noarch:
ghostscript-doc-9.25-2.el8_0.3.noarch.rpm

ppc64le:
ghostscript-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-debugsource-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-9.25-2.el8_0.3.ppc64le.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-debuginfo-9.25-2.el8_0.3.ppc64le.rpm
libgs-devel-9.25-2.el8_0.3.ppc64le.rpm

s390x:
ghostscript-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-debugsource-9.25-2.el8_0.3.s390x.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.s390x.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-9.25-2.el8_0.3.s390x.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-debuginfo-9.25-2.el8_0.3.s390x.rpm
libgs-devel-9.25-2.el8_0.3.s390x.rpm

x86_64:
ghostscript-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-debugsource-9.25-2.el8_0.3.i686.rpm
ghostscript-debugsource-9.25-2.el8_0.3.x86_64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.3.x86_64.rpm
ghostscript-tools-printing-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-9.25-2.el8_0.3.x86_64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.i686.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-debuginfo-9.25-2.el8_0.3.i686.rpm
libgs-debuginfo-9.25-2.el8_0.3.x86_64.rpm
libgs-devel-9.25-2.el8_0.3.i686.rpm
libgs-devel-9.25-2.el8_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14811
https://access.redhat.com/security/cve/CVE-2019-14812
https://access.redhat.com/security/cve/CVE-2019-14813
https://access.redhat.com/security/cve/CVE-2019-14817
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXWzK29zjgjWX9erEAQhK4A//S73gbmNoOsxvXgkNduNQkkc4MNNAo0C/
0I1MXyNjsUj/8Ya/qL0OKZGrlSoXXQ6cavlvPTS5suklioA5r5RBGrWg8s0nAHGN
DMM9QI8yASkq6AjS/dK0nrVrCVq2c+oHS2791jupWDiYQc/kO8YF2Z7YuuxeM1c0
zusG5NVlgcS0ZN3f7kKdL6J64TkAkiVS+3jhPOKHQ33CI96Qx16FmaeXYFETs+Th
hh/1fk5qJNVQymTvYllLup8VFXrJusCKaMFtRXDziRwJGif8S9RkTtQsNsmJgZdB
IO2LbAVHK4qIF3d5Px+YRcDoKWM/ZoaYYAFwkzem7s+Y4yio77HpZ8edCh4LwRF5
KgCkfzinH6yiXT0D5goIQacoL8tt4xtplihUk/dUYtEjIehMLoeIhROd9yu/1Mdn
SvzEl09uvoToIxh4zEvqQoS17vEgtiduIbiOcHTM+KExgoaS76fXDGFxoed0T+Zm
W70ppieHS5PJPEYV9P/TSz5sIkZzrXOdntSYQoSV2Vqlhjlpq1jICmqQFSy7UKZF
3srZkwod8/xpf9MQfQwKUo1irOKUz2Piwx1w2U/xkoMkuRqbvnpf5RSAdqZiytDf
BlAxAVl0b7y+ZQNfKLyjUP+czhnJBGS90R3S27/ZmwDAftNXoUzhq40EhJ5medf6
4nUmw/cqzY8=
=8EMT
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    16 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close