Vulnerability-Lookup

CVE-2019-6116 (GCVE-0-2019-6116)

Vulnerability from cvelistv5 – Published: 2019-03-19 18:27 – Updated: 2024-08-04 20:16

Summary

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

22 references

URL	Tags
https://access.redhat.com/errata/RHSA-2019:0229	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/106700	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3866-1/	vendor-advisoryx_refsource_UBUNTU
https://www.exploit-db.com/exploits/46242/	exploitx_refsource_EXPLOIT-DB
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
http://packetstormsecurity.com/files/151307/Ghost…	x_refsource_MISC
https://www.debian.org/security/2019/dsa-4372	vendor-advisoryx_refsource_DEBIAN
https://bugs.chromium.org/p/project-zero/issues/d…	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2019/01/23/5	mailing-listx_refsource_MLIST
https://bugs.ghostscript.com/show_bug.cgi?id=700317	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2019/03/21/1	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://seclists.org/bugtraq/2019/Apr/4	mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/152367/Slack…	x_refsource_MISC
https://access.redhat.com/errata/RHBA-2019:0327	vendor-advisoryx_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202004-03	vendor-advisoryx_refsource_GENTOO

Date Public

2019-01-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0229",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0229"
          },
          {
            "name": "106700",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106700"
          },
          {
            "name": "USN-3866-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3866-1/"
          },
          {
            "name": "46242",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46242/"
          },
          {
            "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html"
          },
          {
            "name": "DSA-4372",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4372"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html"
          },
          {
            "name": "[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/01/23/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700317"
          },
          {
            "name": "FEDORA-2019-7b9bb0e426",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/"
          },
          {
            "name": "FEDORA-2019-15d57af79a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/"
          },
          {
            "name": "[oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 \u0026 CVE-2019-3838",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/21/1"
          },
          {
            "name": "FEDORA-2019-9f06aa44f6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/"
          },
          {
            "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Apr/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html"
          },
          {
            "name": "RHBA-2019:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0327"
          },
          {
            "name": "FEDORA-2019-953fc0f16d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/"
          },
          {
            "name": "FEDORA-2019-ebd6c4f15a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/"
          },
          {
            "name": "GLSA-202004-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202004-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-01T21:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2019:0229",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0229"
        },
        {
          "name": "106700",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106700"
        },
        {
          "name": "USN-3866-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3866-1/"
        },
        {
          "name": "46242",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46242/"
        },
        {
          "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html"
        },
        {
          "name": "DSA-4372",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4372"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html"
        },
        {
          "name": "[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/01/23/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700317"
        },
        {
          "name": "FEDORA-2019-7b9bb0e426",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/"
        },
        {
          "name": "FEDORA-2019-15d57af79a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/"
        },
        {
          "name": "[oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 \u0026 CVE-2019-3838",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/21/1"
        },
        {
          "name": "FEDORA-2019-9f06aa44f6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/"
        },
        {
          "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Apr/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html"
        },
        {
          "name": "RHBA-2019:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0327"
        },
        {
          "name": "FEDORA-2019-953fc0f16d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/"
        },
        {
          "name": "FEDORA-2019-ebd6c4f15a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/"
        },
        {
          "name": "GLSA-202004-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202004-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0229",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0229"
            },
            {
              "name": "106700",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106700"
            },
            {
              "name": "USN-3866-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3866-1/"
            },
            {
              "name": "46242",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46242/"
            },
            {
              "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html"
            },
            {
              "name": "DSA-4372",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4372"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html",
              "refsource": "CONFIRM",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html",
              "refsource": "CONFIRM",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html"
            },
            {
              "name": "[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/01/23/5"
            },
            {
              "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700317",
              "refsource": "CONFIRM",
              "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700317"
            },
            {
              "name": "FEDORA-2019-7b9bb0e426",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/"
            },
            {
              "name": "FEDORA-2019-15d57af79a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/"
            },
            {
              "name": "[oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 \u0026 CVE-2019-3838",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/21/1"
            },
            {
              "name": "FEDORA-2019-9f06aa44f6",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/"
            },
            {
              "name": "20190402 [slackware-security] ghostscript (SSA:2019-092-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Apr/4"
            },
            {
              "name": "http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html"
            },
            {
              "name": "RHBA-2019:0327",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0327"
            },
            {
              "name": "FEDORA-2019-953fc0f16d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/"
            },
            {
              "name": "FEDORA-2019-ebd6c4f15a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/"
            },
            {
              "name": "GLSA-202004-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202004-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6116",
    "datePublished": "2019-03-19T18:27:21.000Z",
    "dateReserved": "2019-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:23.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-6116",
      "date": "2026-05-30",
      "epss": "0.60542",
      "percentile": "0.98313"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6116\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-03-21T16:01:07.063\",\"lastModified\":\"2024-11-21T04:45:58.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.\"},{\"lang\":\"es\",\"value\":\"En Artifex Ghostscript hasta la versi\u00f3n 9.26, los procedimientos ephemeral o transient pueden permitir el acceso a los operadores del sistema, lo que conduce a la ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.26\",\"matchCriteriaId\":\"BB5064F1-5047-44DE-A3FA-72154548FDDB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/01/23/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/21/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106700\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0327\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0229\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1729\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.ghostscript.com/show_bug.cgi?id=700317\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202004-03\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3866-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4372\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46242/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/01/23/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/21/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:0327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.ghostscript.com/show_bug.cgi?id=700317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202004-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3866-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46242/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

SUSE-SU-2019:0145-1

Vulnerability from csaf_suse - Published: 2019-01-23 14:55 - Updated: 2019-01-23 14:55

Summary

Security update for ghostscript

Severity

Important

Notes

Title of the patch: Security update for ghostscript

Description of the patch: This update for ghostscript version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319)

Patchnames: SUSE-2019-145,SUSE-SLE-Module-Basesystem-15-2019-145,SUSE-SLE-Module-Desktop-Applications-15-2019-145,SUSE-SLE-Module-Development-Tools-OBS-15-2019-145

CVE-2019-6116

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

10 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1122319	self
https://www.suse.com/security/cve/CVE-2019-6116/	self
https://www.suse.com/security/cve/CVE-2019-6116	external
https://bugzilla.suse.com/1122319	external
https://bugzilla.suse.com/1129186	external
https://bugzilla.suse.com/1134156	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ghostscript",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ghostscript version 9.26a fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-145,SUSE-SLE-Module-Basesystem-15-2019-145,SUSE-SLE-Module-Desktop-Applications-15-2019-145,SUSE-SLE-Module-Development-Tools-OBS-15-2019-145",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0145-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:0145-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190145-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:0145-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005057.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1122319",
        "url": "https://bugzilla.suse.com/1122319"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-6116 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-6116/"
      }
    ],
    "title": "Security update for ghostscript",
    "tracking": {
      "current_release_date": "2019-01-23T14:55:49Z",
      "generator": {
        "date": "2019-01-23T14:55:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:0145-1",
      "initial_release_date": "2019-01-23T14:55:49Z",
      "revision_history": [
        {
          "date": "2019-01-23T14:55:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ghostscript-9.26a-3.12.1.aarch64",
                "product": {
                  "name": "ghostscript-9.26a-3.12.1.aarch64",
                  "product_id": "ghostscript-9.26a-3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-devel-9.26a-3.12.1.aarch64",
                "product": {
                  "name": "ghostscript-devel-9.26a-3.12.1.aarch64",
                  "product_id": "ghostscript-devel-9.26a-3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-9.26a-3.12.1.aarch64",
                "product": {
                  "name": "ghostscript-mini-9.26a-3.12.1.aarch64",
                  "product_id": "ghostscript-mini-9.26a-3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-devel-9.26a-3.12.1.aarch64",
                "product": {
                  "name": "ghostscript-mini-devel-9.26a-3.12.1.aarch64",
                  "product_id": "ghostscript-mini-devel-9.26a-3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-x11-9.26a-3.12.1.aarch64",
                "product": {
                  "name": "ghostscript-x11-9.26a-3.12.1.aarch64",
                  "product_id": "ghostscript-x11-9.26a-3.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre-devel-0.2.8-3.6.1.aarch64",
                "product": {
                  "name": "libspectre-devel-0.2.8-3.6.1.aarch64",
                  "product_id": "libspectre-devel-0.2.8-3.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre1-0.2.8-3.6.1.aarch64",
                "product": {
                  "name": "libspectre1-0.2.8-3.6.1.aarch64",
                  "product_id": "libspectre1-0.2.8-3.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ghostscript-9.26a-3.12.1.i586",
                "product": {
                  "name": "ghostscript-9.26a-3.12.1.i586",
                  "product_id": "ghostscript-9.26a-3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-devel-9.26a-3.12.1.i586",
                "product": {
                  "name": "ghostscript-devel-9.26a-3.12.1.i586",
                  "product_id": "ghostscript-devel-9.26a-3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-9.26a-3.12.1.i586",
                "product": {
                  "name": "ghostscript-mini-9.26a-3.12.1.i586",
                  "product_id": "ghostscript-mini-9.26a-3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-devel-9.26a-3.12.1.i586",
                "product": {
                  "name": "ghostscript-mini-devel-9.26a-3.12.1.i586",
                  "product_id": "ghostscript-mini-devel-9.26a-3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-x11-9.26a-3.12.1.i586",
                "product": {
                  "name": "ghostscript-x11-9.26a-3.12.1.i586",
                  "product_id": "ghostscript-x11-9.26a-3.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre-devel-0.2.8-3.6.1.i586",
                "product": {
                  "name": "libspectre-devel-0.2.8-3.6.1.i586",
                  "product_id": "libspectre-devel-0.2.8-3.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre1-0.2.8-3.6.1.i586",
                "product": {
                  "name": "libspectre1-0.2.8-3.6.1.i586",
                  "product_id": "libspectre1-0.2.8-3.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ghostscript-9.26a-3.12.1.ppc64le",
                "product": {
                  "name": "ghostscript-9.26a-3.12.1.ppc64le",
                  "product_id": "ghostscript-9.26a-3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-devel-9.26a-3.12.1.ppc64le",
                "product": {
                  "name": "ghostscript-devel-9.26a-3.12.1.ppc64le",
                  "product_id": "ghostscript-devel-9.26a-3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-9.26a-3.12.1.ppc64le",
                "product": {
                  "name": "ghostscript-mini-9.26a-3.12.1.ppc64le",
                  "product_id": "ghostscript-mini-9.26a-3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-devel-9.26a-3.12.1.ppc64le",
                "product": {
                  "name": "ghostscript-mini-devel-9.26a-3.12.1.ppc64le",
                  "product_id": "ghostscript-mini-devel-9.26a-3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-x11-9.26a-3.12.1.ppc64le",
                "product": {
                  "name": "ghostscript-x11-9.26a-3.12.1.ppc64le",
                  "product_id": "ghostscript-x11-9.26a-3.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre-devel-0.2.8-3.6.1.ppc64le",
                "product": {
                  "name": "libspectre-devel-0.2.8-3.6.1.ppc64le",
                  "product_id": "libspectre-devel-0.2.8-3.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre1-0.2.8-3.6.1.ppc64le",
                "product": {
                  "name": "libspectre1-0.2.8-3.6.1.ppc64le",
                  "product_id": "libspectre1-0.2.8-3.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ghostscript-9.26a-3.12.1.s390x",
                "product": {
                  "name": "ghostscript-9.26a-3.12.1.s390x",
                  "product_id": "ghostscript-9.26a-3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-devel-9.26a-3.12.1.s390x",
                "product": {
                  "name": "ghostscript-devel-9.26a-3.12.1.s390x",
                  "product_id": "ghostscript-devel-9.26a-3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-9.26a-3.12.1.s390x",
                "product": {
                  "name": "ghostscript-mini-9.26a-3.12.1.s390x",
                  "product_id": "ghostscript-mini-9.26a-3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-devel-9.26a-3.12.1.s390x",
                "product": {
                  "name": "ghostscript-mini-devel-9.26a-3.12.1.s390x",
                  "product_id": "ghostscript-mini-devel-9.26a-3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-x11-9.26a-3.12.1.s390x",
                "product": {
                  "name": "ghostscript-x11-9.26a-3.12.1.s390x",
                  "product_id": "ghostscript-x11-9.26a-3.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre-devel-0.2.8-3.6.1.s390x",
                "product": {
                  "name": "libspectre-devel-0.2.8-3.6.1.s390x",
                  "product_id": "libspectre-devel-0.2.8-3.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre1-0.2.8-3.6.1.s390x",
                "product": {
                  "name": "libspectre1-0.2.8-3.6.1.s390x",
                  "product_id": "libspectre1-0.2.8-3.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ghostscript-9.26a-3.12.1.x86_64",
                "product": {
                  "name": "ghostscript-9.26a-3.12.1.x86_64",
                  "product_id": "ghostscript-9.26a-3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-devel-9.26a-3.12.1.x86_64",
                "product": {
                  "name": "ghostscript-devel-9.26a-3.12.1.x86_64",
                  "product_id": "ghostscript-devel-9.26a-3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-9.26a-3.12.1.x86_64",
                "product": {
                  "name": "ghostscript-mini-9.26a-3.12.1.x86_64",
                  "product_id": "ghostscript-mini-9.26a-3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-mini-devel-9.26a-3.12.1.x86_64",
                "product": {
                  "name": "ghostscript-mini-devel-9.26a-3.12.1.x86_64",
                  "product_id": "ghostscript-mini-devel-9.26a-3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ghostscript-x11-9.26a-3.12.1.x86_64",
                "product": {
                  "name": "ghostscript-x11-9.26a-3.12.1.x86_64",
                  "product_id": "ghostscript-x11-9.26a-3.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre-devel-0.2.8-3.6.1.x86_64",
                "product": {
                  "name": "libspectre-devel-0.2.8-3.6.1.x86_64",
                  "product_id": "libspectre-devel-0.2.8-3.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libspectre1-0.2.8-3.6.1.x86_64",
                "product": {
                  "name": "libspectre1-0.2.8-3.6.1.x86_64",
                  "product_id": "libspectre1-0.2.8-3.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-9.26a-3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.aarch64"
        },
        "product_reference": "ghostscript-9.26a-3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-9.26a-3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.ppc64le"
        },
        "product_reference": "ghostscript-9.26a-3.12.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-9.26a-3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.s390x"
        },
        "product_reference": "ghostscript-9.26a-3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-9.26a-3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.x86_64"
        },
        "product_reference": "ghostscript-9.26a-3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-devel-9.26a-3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.aarch64"
        },
        "product_reference": "ghostscript-devel-9.26a-3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-devel-9.26a-3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.ppc64le"
        },
        "product_reference": "ghostscript-devel-9.26a-3.12.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-devel-9.26a-3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.s390x"
        },
        "product_reference": "ghostscript-devel-9.26a-3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-devel-9.26a-3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.x86_64"
        },
        "product_reference": "ghostscript-devel-9.26a-3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-x11-9.26a-3.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.aarch64"
        },
        "product_reference": "ghostscript-x11-9.26a-3.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-x11-9.26a-3.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.ppc64le"
        },
        "product_reference": "ghostscript-x11-9.26a-3.12.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-x11-9.26a-3.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.s390x"
        },
        "product_reference": "ghostscript-x11-9.26a-3.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ghostscript-x11-9.26a-3.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.x86_64"
        },
        "product_reference": "ghostscript-x11-9.26a-3.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre-devel-0.2.8-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.aarch64"
        },
        "product_reference": "libspectre-devel-0.2.8-3.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre-devel-0.2.8-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.ppc64le"
        },
        "product_reference": "libspectre-devel-0.2.8-3.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre-devel-0.2.8-3.6.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.s390x"
        },
        "product_reference": "libspectre-devel-0.2.8-3.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre-devel-0.2.8-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.x86_64"
        },
        "product_reference": "libspectre-devel-0.2.8-3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre1-0.2.8-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.aarch64"
        },
        "product_reference": "libspectre1-0.2.8-3.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre1-0.2.8-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.ppc64le"
        },
        "product_reference": "libspectre1-0.2.8-3.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre1-0.2.8-3.6.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.s390x"
        },
        "product_reference": "libspectre1-0.2.8-3.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libspectre1-0.2.8-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.x86_64"
        },
        "product_reference": "libspectre1-0.2.8-3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-6116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-6116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.s390x",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-6116",
          "url": "https://www.suse.com/security/cve/CVE-2019-6116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122319 for CVE-2019-6116",
          "url": "https://bugzilla.suse.com/1122319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129186 for CVE-2019-6116",
          "url": "https://bugzilla.suse.com/1129186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134156 for CVE-2019-6116",
          "url": "https://bugzilla.suse.com/1134156"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.12.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre-devel-0.2.8-3.6.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.s390x",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libspectre1-0.2.8-3.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-23T14:55:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-6116"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6116 (GCVE-0-2019-6116)

SUSE-SU-2019:0145-1

Tags

Sightings

Nomenclature