Security update for ghostscript SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0407-1 Final 1 1 2018-02-09T10:31:00Z current 2018-02-09T10:31:00Z 2018-02-09T10:31:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ghostscript This update for ghostscript fixes several issues. These security issues were fixed: - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879). - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643). - CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1032230). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891). - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889). - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888). - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887). - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184). - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP2-2018-277,SUSE-SLE-DESKTOP-12-SP3-2018-277,SUSE-SLE-RPI-12-SP2-2018-277,SUSE-SLE-SDK-12-SP2-2018-277,SUSE-SLE-SDK-12-SP3-2018-277,SUSE-SLE-SERVER-12-SP2-2018-277,SUSE-SLE-SERVER-12-SP3-2018-277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ Link for SUSE-SU-2018:0407-1 https://lists.suse.com/pipermail/sle-security-updates/2018-February/003717.html E-Mail link for SUSE-SU-2018:0407-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1032138 SUSE Bug 1032138 https://bugzilla.suse.com/1032230 SUSE Bug 1032230 https://bugzilla.suse.com/1040643 SUSE Bug 1040643 https://bugzilla.suse.com/1050879 SUSE Bug 1050879 https://bugzilla.suse.com/1050887 SUSE Bug 1050887 https://bugzilla.suse.com/1050888 SUSE Bug 1050888 https://bugzilla.suse.com/1050889 SUSE Bug 1050889 https://bugzilla.suse.com/1050891 SUSE Bug 1050891 https://bugzilla.suse.com/1051184 SUSE Bug 1051184 https://www.suse.com/security/cve/CVE-2016-10219/ SUSE CVE CVE-2016-10219 page https://www.suse.com/security/cve/CVE-2016-10317/ SUSE CVE CVE-2016-10317 page https://www.suse.com/security/cve/CVE-2017-11714/ SUSE CVE CVE-2017-11714 page https://www.suse.com/security/cve/CVE-2017-9216/ SUSE CVE CVE-2017-9216 page https://www.suse.com/security/cve/CVE-2017-9612/ SUSE CVE CVE-2017-9612 page https://www.suse.com/security/cve/CVE-2017-9726/ SUSE CVE CVE-2017-9726 page https://www.suse.com/security/cve/CVE-2017-9727/ SUSE CVE CVE-2017-9727 page https://www.suse.com/security/cve/CVE-2017-9739/ SUSE CVE CVE-2017-9739 page https://www.suse.com/security/cve/CVE-2017-9835/ SUSE CVE CVE-2017-9835 page SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 ghostscript-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-devel-9.15-23.7.1 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Server 12 SP2 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Server 12 SP2 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Server 12 SP3 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Server 12 SP3 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 ghostscript-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ghostscript-x11-9.15-23.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ghostscript-devel-9.15-23.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 ghostscript-devel-9.15-23.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. CVE-2016-10219 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2016-10219.html CVE-2016-10219 https://bugzilla.suse.com/1032138 SUSE Bug 1032138 The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. CVE-2016-10317 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2016-10317.html CVE-2016-10317 https://bugzilla.suse.com/1032230 SUSE Bug 1032230 psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. CVE-2017-11714 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-11714.html CVE-2017-11714 https://bugzilla.suse.com/1051184 SUSE Bug 1051184 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. CVE-2017-9216 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9216.html CVE-2017-9216 https://bugzilla.suse.com/1040643 SUSE Bug 1040643 The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. CVE-2017-9612 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9612.html CVE-2017-9612 https://bugzilla.suse.com/1050891 SUSE Bug 1050891 The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. CVE-2017-9726 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9726.html CVE-2017-9726 https://bugzilla.suse.com/1050889 SUSE Bug 1050889 The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. CVE-2017-9727 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9727.html CVE-2017-9727 https://bugzilla.suse.com/1050888 SUSE Bug 1050888 The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. CVE-2017-9739 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9739.html CVE-2017-9739 https://bugzilla.suse.com/1050887 SUSE Bug 1050887 The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. CVE-2017-9835 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ghostscript-x11-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP2:ghostscript-devel-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12 SP3:ghostscript-devel-9.15-23.7.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180407-1/ https://www.suse.com/security/cve/CVE-2017-9835.html CVE-2017-9835 https://bugzilla.suse.com/1050879 SUSE Bug 1050879