{"affected":[{"ecosystem_specific":{"binaries":[{"ghostscript":"9.27-lp151.3.6.1","ghostscript-devel":"9.27-lp151.3.6.1","ghostscript-mini":"9.27-lp151.3.6.1","ghostscript-mini-devel":"9.27-lp151.3.6.1","ghostscript-x11":"9.27-lp151.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"ghostscript","purl":"pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.27-lp151.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript":"9.27-lp151.3.6.1","ghostscript-devel":"9.27-lp151.3.6.1","ghostscript-mini":"9.27-lp151.3.6.1","ghostscript-mini-devel":"9.27-lp151.3.6.1","ghostscript-x11":"9.27-lp151.3.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"ghostscript-mini","purl":"pkg:rpm/opensuse/ghostscript-mini&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.27-lp151.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ghostscript fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)\n- CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)\n- CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)\n- CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)\n- CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)\n- CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)\n- CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2223-1","modified":"2019-09-30T14:23:09Z","published":"2019-09-30T14:23:09Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ/#7XGX735CL3KDIKASKAQUMDRQD4HIHZEJ"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129180"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129186"},{"type":"REPORT","url":"https://bugzilla.suse.com/1134156"},{"type":"REPORT","url":"https://bugzilla.suse.com/1140359"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146884"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14811"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14813"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3839"}],"related":["CVE-2019-12973","CVE-2019-14811","CVE-2019-14812","CVE-2019-14813","CVE-2019-14817","CVE-2019-3835","CVE-2019-3839"],"summary":"Security update for ghostscript","upstream":["CVE-2019-12973","CVE-2019-14811","CVE-2019-14812","CVE-2019-14813","CVE-2019-14817","CVE-2019-3835","CVE-2019-3839"]}