{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for ghostscript","title":"Title of the patch"},{"category":"description","text":"This update for ghostscript to version 9.26 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)\n- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)\n- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)\n- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)\n- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)\n- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)\n- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)\n- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)\n\nVersion update to 9.26 (bsc#1117331):\n\n- Security issues have been the primary focus\n- Minor bug fixes and improvements\n- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-SAP-12-SP1-2019-1076","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4090-2.json"},{"category":"self","summary":"URL for SUSE-SU-2018:4090-2","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20184090-2/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:4090-2","url":"https://lists.suse.com/pipermail/sle-security-updates/2019-April/005397.html"},{"category":"self","summary":"SUSE Bug 1109105","url":"https://bugzilla.suse.com/1109105"},{"category":"self","summary":"SUSE Bug 1111479","url":"https://bugzilla.suse.com/1111479"},{"category":"self","summary":"SUSE Bug 1111480","url":"https://bugzilla.suse.com/1111480"},{"category":"self","summary":"SUSE Bug 1112229","url":"https://bugzilla.suse.com/1112229"},{"category":"self","summary":"SUSE Bug 1117022","url":"https://bugzilla.suse.com/1117022"},{"category":"self","summary":"SUSE Bug 1117274","url":"https://bugzilla.suse.com/1117274"},{"category":"self","summary":"SUSE Bug 1117313","url":"https://bugzilla.suse.com/1117313"},{"category":"self","summary":"SUSE Bug 1117327","url":"https://bugzilla.suse.com/1117327"},{"category":"self","summary":"SUSE Bug 1117331","url":"https://bugzilla.suse.com/1117331"},{"category":"self","summary":"SUSE CVE CVE-2018-17183 page","url":"https://www.suse.com/security/cve/CVE-2018-17183/"},{"category":"self","summary":"SUSE CVE CVE-2018-17961 page","url":"https://www.suse.com/security/cve/CVE-2018-17961/"},{"category":"self","summary":"SUSE CVE CVE-2018-18073 page","url":"https://www.suse.com/security/cve/CVE-2018-18073/"},{"category":"self","summary":"SUSE CVE CVE-2018-18284 page","url":"https://www.suse.com/security/cve/CVE-2018-18284/"},{"category":"self","summary":"SUSE CVE CVE-2018-19409 page","url":"https://www.suse.com/security/cve/CVE-2018-19409/"},{"category":"self","summary":"SUSE CVE CVE-2018-19475 page","url":"https://www.suse.com/security/cve/CVE-2018-19475/"},{"category":"self","summary":"SUSE CVE CVE-2018-19476 page","url":"https://www.suse.com/security/cve/CVE-2018-19476/"},{"category":"self","summary":"SUSE CVE CVE-2018-19477 page","url":"https://www.suse.com/security/cve/CVE-2018-19477/"}],"title":"Security update for ghostscript","tracking":{"current_release_date":"2019-04-27T15:39:06Z","generator":{"date":"2019-04-27T15:39:06Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:4090-2","initial_release_date":"2019-04-27T15:39:06Z","revision_history":[{"date":"2019-04-27T15:39:06Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"ghostscript-9.26-23.16.1.x86_64","product":{"name":"ghostscript-9.26-23.16.1.x86_64","product_id":"ghostscript-9.26-23.16.1.x86_64"}},{"category":"product_version","name":"ghostscript-x11-9.26-23.16.1.x86_64","product":{"name":"ghostscript-x11-9.26-23.16.1.x86_64","product_id":"ghostscript-x11-9.26-23.16.1.x86_64"}},{"category":"product_version","name":"libspectre1-0.2.7-12.4.1.x86_64","product":{"name":"libspectre1-0.2.7-12.4.1.x86_64","product_id":"libspectre1-0.2.7-12.4.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ghostscript-9.26-23.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64"},"product_reference":"ghostscript-9.26-23.16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"ghostscript-x11-9.26-23.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64"},"product_reference":"ghostscript-x11-9.26-23.16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"libspectre1-0.2.7-12.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"},"product_reference":"libspectre1-0.2.7-12.4.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP1"}]},"vulnerabilities":[{"cve":"CVE-2018-17183","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-17183"}],"notes":[{"category":"general","text":"Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-17183","url":"https://www.suse.com/security/cve/CVE-2018-17183"},{"category":"external","summary":"SUSE Bug 1108027 for CVE-2018-17183","url":"https://bugzilla.suse.com/1108027"},{"category":"external","summary":"SUSE Bug 1109105 for CVE-2018-17183","url":"https://bugzilla.suse.com/1109105"},{"category":"external","summary":"SUSE Bug 1111479 for CVE-2018-17183","url":"https://bugzilla.suse.com/1111479"},{"category":"external","summary":"SUSE Bug 1111480 for CVE-2018-17183","url":"https://bugzilla.suse.com/1111480"},{"category":"external","summary":"SUSE Bug 1112229 for CVE-2018-17183","url":"https://bugzilla.suse.com/1112229"},{"category":"external","summary":"SUSE Bug 1117022 for CVE-2018-17183","url":"https://bugzilla.suse.com/1117022"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-17183","url":"https://bugzilla.suse.com/1117331"},{"category":"external","summary":"SUSE Bug 1118455 for CVE-2018-17183","url":"https://bugzilla.suse.com/1118455"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"moderate"}],"title":"CVE-2018-17183"},{"cve":"CVE-2018-17961","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-17961"}],"notes":[{"category":"general","text":"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-17961","url":"https://www.suse.com/security/cve/CVE-2018-17961"},{"category":"external","summary":"SUSE Bug 1108027 for CVE-2018-17961","url":"https://bugzilla.suse.com/1108027"},{"category":"external","summary":"SUSE Bug 1109105 for CVE-2018-17961","url":"https://bugzilla.suse.com/1109105"},{"category":"external","summary":"SUSE Bug 1111479 for CVE-2018-17961","url":"https://bugzilla.suse.com/1111479"},{"category":"external","summary":"SUSE Bug 1111480 for CVE-2018-17961","url":"https://bugzilla.suse.com/1111480"},{"category":"external","summary":"SUSE Bug 1112229 for CVE-2018-17961","url":"https://bugzilla.suse.com/1112229"},{"category":"external","summary":"SUSE Bug 1117022 for CVE-2018-17961","url":"https://bugzilla.suse.com/1117022"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-17961","url":"https://bugzilla.suse.com/1117331"},{"category":"external","summary":"SUSE Bug 1118455 for CVE-2018-17961","url":"https://bugzilla.suse.com/1118455"},{"category":"external","summary":"SUSE Bug 1129180 for CVE-2018-17961","url":"https://bugzilla.suse.com/1129180"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"moderate"}],"title":"CVE-2018-17961"},{"cve":"CVE-2018-18073","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-18073"}],"notes":[{"category":"general","text":"Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-18073","url":"https://www.suse.com/security/cve/CVE-2018-18073"},{"category":"external","summary":"SUSE Bug 1108027 for CVE-2018-18073","url":"https://bugzilla.suse.com/1108027"},{"category":"external","summary":"SUSE Bug 1109105 for CVE-2018-18073","url":"https://bugzilla.suse.com/1109105"},{"category":"external","summary":"SUSE Bug 1111479 for CVE-2018-18073","url":"https://bugzilla.suse.com/1111479"},{"category":"external","summary":"SUSE Bug 1111480 for CVE-2018-18073","url":"https://bugzilla.suse.com/1111480"},{"category":"external","summary":"SUSE Bug 1112229 for CVE-2018-18073","url":"https://bugzilla.suse.com/1112229"},{"category":"external","summary":"SUSE Bug 1117022 for CVE-2018-18073","url":"https://bugzilla.suse.com/1117022"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-18073","url":"https://bugzilla.suse.com/1117331"},{"category":"external","summary":"SUSE Bug 1118455 for CVE-2018-18073","url":"https://bugzilla.suse.com/1118455"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"moderate"}],"title":"CVE-2018-18073"},{"cve":"CVE-2018-18284","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-18284"}],"notes":[{"category":"general","text":"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-18284","url":"https://www.suse.com/security/cve/CVE-2018-18284"},{"category":"external","summary":"SUSE Bug 1108027 for CVE-2018-18284","url":"https://bugzilla.suse.com/1108027"},{"category":"external","summary":"SUSE Bug 1109105 for CVE-2018-18284","url":"https://bugzilla.suse.com/1109105"},{"category":"external","summary":"SUSE Bug 1111479 for CVE-2018-18284","url":"https://bugzilla.suse.com/1111479"},{"category":"external","summary":"SUSE Bug 1111480 for CVE-2018-18284","url":"https://bugzilla.suse.com/1111480"},{"category":"external","summary":"SUSE Bug 1112229 for CVE-2018-18284","url":"https://bugzilla.suse.com/1112229"},{"category":"external","summary":"SUSE Bug 1117022 for CVE-2018-18284","url":"https://bugzilla.suse.com/1117022"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-18284","url":"https://bugzilla.suse.com/1117331"},{"category":"external","summary":"SUSE Bug 1118455 for CVE-2018-18284","url":"https://bugzilla.suse.com/1118455"},{"category":"external","summary":"SUSE Bug 1144621 for CVE-2018-18284","url":"https://bugzilla.suse.com/1144621"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"moderate"}],"title":"CVE-2018-18284"},{"cve":"CVE-2018-19409","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-19409"}],"notes":[{"category":"general","text":"An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-19409","url":"https://www.suse.com/security/cve/CVE-2018-19409"},{"category":"external","summary":"SUSE Bug 1108027 for CVE-2018-19409","url":"https://bugzilla.suse.com/1108027"},{"category":"external","summary":"SUSE Bug 1109105 for CVE-2018-19409","url":"https://bugzilla.suse.com/1109105"},{"category":"external","summary":"SUSE Bug 1111479 for CVE-2018-19409","url":"https://bugzilla.suse.com/1111479"},{"category":"external","summary":"SUSE Bug 1111480 for CVE-2018-19409","url":"https://bugzilla.suse.com/1111480"},{"category":"external","summary":"SUSE Bug 1112229 for CVE-2018-19409","url":"https://bugzilla.suse.com/1112229"},{"category":"external","summary":"SUSE Bug 1117022 for CVE-2018-19409","url":"https://bugzilla.suse.com/1117022"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-19409","url":"https://bugzilla.suse.com/1117331"},{"category":"external","summary":"SUSE Bug 1118455 for CVE-2018-19409","url":"https://bugzilla.suse.com/1118455"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"low"}],"title":"CVE-2018-19409"},{"cve":"CVE-2018-19475","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-19475"}],"notes":[{"category":"general","text":"psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-19475","url":"https://www.suse.com/security/cve/CVE-2018-19475"},{"category":"external","summary":"SUSE Bug 1117327 for CVE-2018-19475","url":"https://bugzilla.suse.com/1117327"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-19475","url":"https://bugzilla.suse.com/1117331"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"moderate"}],"title":"CVE-2018-19475"},{"cve":"CVE-2018-19476","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-19476"}],"notes":[{"category":"general","text":"psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-19476","url":"https://www.suse.com/security/cve/CVE-2018-19476"},{"category":"external","summary":"SUSE Bug 1117313 for CVE-2018-19476","url":"https://bugzilla.suse.com/1117313"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-19476","url":"https://bugzilla.suse.com/1117331"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"low"}],"title":"CVE-2018-19476"},{"cve":"CVE-2018-19477","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-19477"}],"notes":[{"category":"general","text":"psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-19477","url":"https://www.suse.com/security/cve/CVE-2018-19477"},{"category":"external","summary":"SUSE Bug 1117274 for CVE-2018-19477","url":"https://bugzilla.suse.com/1117274"},{"category":"external","summary":"SUSE Bug 1117331 for CVE-2018-19477","url":"https://bugzilla.suse.com/1117331"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:ghostscript-x11-9.26-23.16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspectre1-0.2.7-12.4.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-04-27T15:39:06Z","details":"low"}],"title":"CVE-2018-19477"}]}