Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-10216 (GCVE-0-2019-10216)
Vulnerability from cvelistv5 – Published: 2019-11-27 12:10 – Updated: 2024-08-04 22:17
VLAI
EPSS
Summary
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
Severity
7.3 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://git.ghostscript.com/?p=ghostpdl.git%3Ba=co… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202004-03 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript |
Affected:
before 9.50
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202004-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ghostscript",
"vendor": "ghostscript",
"versions": [
{
"status": "affected",
"version": "before 9.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T21:06:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202004-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "before 9.50"
}
]
}
}
]
},
"vendor_name": "ghostscript"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202004-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10216",
"datePublished": "2019-11-27T12:10:12.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-10216",
"date": "2026-05-30",
"epss": "0.00526",
"percentile": "0.67317"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10216\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-11-27T13:15:10.747\",\"lastModified\":\"2024-11-21T04:18:40.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.\"},{\"lang\":\"es\",\"value\":\"En ghostscript anterior a la versi\u00f3n 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podr\u00eda abusar de esta fallo al crear un archivo PostScript especialmente dise\u00f1ado que podr\u00eda escalar privilegios y acceder a archivos fuera de las \u00e1reas restringidas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-648\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.50\",\"matchCriteriaId\":\"1F129EB4-EEB2-46F1-8DAA-E016D7EE1356\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:3scale_api_management:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"923249F9-2CEB-4CC8-B72C-71617B057280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21690BAC-2129-4A33-9B48-1F3BF30072A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202004-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202004-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2019:2534
Vulnerability from csaf_redhat - Published: 2019-08-21 11:44 - Updated: 2026-03-18 01:46Summary
Red Hat Security Advisory: Red Hat 3scale API Management 2.6.0 release and security update
Severity
Important
Notes
Topic: A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale API Management 2.5.1.
Security Fix(es):
* ghostscript: -dSAFER escape via .buildfont1 (CVE-2019-10216)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found where 3scale did not set the HTTPOnly attribute on the user session cookie. An attacker could abuse this flaw to conduct Cross-site Scripting attacks and gain access to unauthorized information.
4.6 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
29 references
Acknowledgments
Artifex Software
Cloudinary
Netanel
Cyber Defense Institute
Hiroki MATSUKUMA
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale API Management 2.5.1.\n\nSecurity Fix(es):\n\n* ghostscript: -dSAFER escape via .buildfont1 (CVE-2019-10216)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2534",
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1737080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737080"
},
{
"category": "external",
"summary": "THREESCALE-2852",
"url": "https://issues.redhat.com/browse/THREESCALE-2852"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2534.json"
}
],
"title": "Red Hat Security Advisory: Red Hat 3scale API Management 2.6.0 release and security update",
"tracking": {
"current_release_date": "2026-03-18T01:46:45+00:00",
"generator": {
"date": "2026-03-18T01:46:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2019:2534",
"initial_release_date": "2019-08-21T11:44:18+00:00",
"revision_history": [
{
"date": "2019-08-21T11:44:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-21T11:44:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T01:46:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHAMP-2.6",
"product": {
"name": "RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:3scale_amp:2"
}
}
}
],
"category": "product_family",
"name": "3scale API Management"
},
{
"branches": [
{
"category": "product_version",
"name": "3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"product": {
"name": "3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"product_id": "3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/apicast-gateway\u0026tag=1.15-9"
}
}
},
{
"category": "product_version",
"name": "3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"product": {
"name": "3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"product_id": "3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/backend\u0026tag=1.9-24"
}
}
},
{
"category": "product_version",
"name": "3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64",
"product": {
"name": "3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64",
"product_id": "3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/zync\u0026tag=1.9-28"
}
}
},
{
"category": "product_version",
"name": "3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product": {
"name": "3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product_id": "3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product_identification_helper": {
"purl": "pkg:oci/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/3scale-operator\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product": {
"name": "3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product_id": "3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"product_identification_helper": {
"purl": "pkg:oci/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/operator\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"product": {
"name": "3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"product_id": "3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp26/toolbox\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64"
},
"product_reference": "3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64"
},
"product_reference": "3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64"
},
"product_reference": "3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64"
},
"product_reference": "3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64"
},
"product_reference": "3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64 as a component of RHAMP-2.6",
"product_id": "7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
},
"product_reference": "3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64",
"relates_to_product_reference": "7Server-RH7-3scale-AMP-2.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Artifex Software"
]
},
{
"names": [
"Netanel"
],
"organization": "Cloudinary",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-10216",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2019-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737080"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ghostscript: -dSAFER escape via .buildfont1 (701394)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10216"
},
{
"category": "external",
"summary": "RHBZ#1737080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10216",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10216"
}
],
"release_date": "2019-08-12T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
},
{
"category": "workaround",
"details": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ghostscript: -dSAFER escape via .buildfont1 (701394)"
},
{
"acknowledgments": [
{
"names": [
"Artifex Software"
]
},
{
"names": [
"Hiroki MATSUKUMA"
],
"organization": "Cyber Defense Institute",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-14811",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2019-08-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14811"
},
{
"category": "external",
"summary": "RHBZ#1743757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14811"
}
],
"release_date": "2019-08-28T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
},
{
"category": "workaround",
"details": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)"
},
{
"acknowledgments": [
{
"names": [
"Artifex Software"
]
},
{
"names": [
"Hiroki MATSUKUMA"
],
"organization": "Cyber Defense Institute",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-14812",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2019-08-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14812"
},
{
"category": "external",
"summary": "RHBZ#1743754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14812"
}
],
"release_date": "2019-08-28T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
},
{
"category": "workaround",
"details": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)"
},
{
"acknowledgments": [
{
"names": [
"Artifex Software"
]
},
{
"names": [
"Hiroki MATSUKUMA"
],
"organization": "Cyber Defense Institute",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2019-14813",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743737"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14813"
},
{
"category": "external",
"summary": "RHBZ#1743737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14813"
}
],
"release_date": "2019-08-28T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
},
{
"category": "workaround",
"details": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)"
},
{
"acknowledgments": [
{
"names": [
"Artifex Software"
]
}
],
"cve": "CVE-2019-14817",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2019-08-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1744042"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14817"
},
{
"category": "external",
"summary": "RHBZ#1744042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14817"
}
],
"release_date": "2019-08-28T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)"
},
{
"cve": "CVE-2019-14849",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2019-05-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1712167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where 3scale did not set the HTTPOnly attribute on the user session cookie. An attacker could abuse this flaw to conduct Cross-site Scripting attacks and gain access to unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "3scale: user session cookie does not set HTTPOnly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14849"
},
{
"category": "external",
"summary": "RHBZ#1712167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14849"
}
],
"release_date": "2019-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-21T11:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html-single/installing_3scale/#onpremises-installation",
"product_ids": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/3scale-operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/apicast-gateway@sha256:460179d4b253aa5ec8230e1822b9a1d391f572b69b8339c8610598fe9e4b6e69_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/backend@sha256:fc6b954148555d14c3e69152d30eb3db525d12443a64c6301e30717c33f7bf7e_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/operator@sha256:a15858e65d1ce9d9135dc6efc6bbd991c139da60fa27f5c6d913f6a14a2da926_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/toolbox@sha256:af0fe71f79abd21a7cb7a10c7a3797253a2b59025805709db5077f7608be6aed_amd64",
"7Server-RH7-3scale-AMP-2.6:3scale-amp26/zync@sha256:93028a84361f47d61dc8d487547f1023817f3c8a95d8f0d287c1774e18954f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "3scale: user session cookie does not set HTTPOnly"
}
]
}
SUSE-SU-2019:2347-1
Vulnerability from csaf_suse - Published: 2019-09-10 12:51 - Updated: 2019-09-10 12:51Summary
Security update for ghostscript
Severity
Moderate
Notes
Title of the patch: Security update for ghostscript
Description of the patch: This update for ghostscript fixes the following issues:
Security issue fixed:
- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).
Patchnames: SUSE-2019-2347,SUSE-SLE-DESKTOP-12-SP4-2019-2347,SUSE-SLE-SDK-12-SP4-2019-2347,SUSE-SLE-SERVER-12-SP4-2019-2347
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ghostscript",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ghostscript fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2347,SUSE-SLE-DESKTOP-12-SP4-2019-2347,SUSE-SLE-SDK-12-SP4-2019-2347,SUSE-SLE-SERVER-12-SP4-2019-2347",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2347-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2347-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192347-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2347-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005900.html"
},
{
"category": "self",
"summary": "SUSE Bug 1144621",
"url": "https://bugzilla.suse.com/1144621"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10216 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10216/"
}
],
"title": "Security update for ghostscript",
"tracking": {
"current_release_date": "2019-09-10T12:51:22Z",
"generator": {
"date": "2019-09-10T12:51:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2347-1",
"initial_release_date": "2019-09-10T12:51:22Z",
"revision_history": [
{
"date": "2019-09-10T12:51:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.aarch64",
"product": {
"name": "ghostscript-9.26a-23.25.1.aarch64",
"product_id": "ghostscript-9.26a-23.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.aarch64",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.aarch64",
"product_id": "ghostscript-devel-9.26a-23.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.aarch64",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.aarch64",
"product_id": "ghostscript-mini-9.26a-23.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.aarch64",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.aarch64",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.aarch64",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.aarch64",
"product_id": "ghostscript-x11-9.26a-23.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.i586",
"product": {
"name": "ghostscript-9.26a-23.25.1.i586",
"product_id": "ghostscript-9.26a-23.25.1.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.i586",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.i586",
"product_id": "ghostscript-devel-9.26a-23.25.1.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.i586",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.i586",
"product_id": "ghostscript-mini-9.26a-23.25.1.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.i586",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.i586",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.i586",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.i586",
"product_id": "ghostscript-x11-9.26a-23.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.ppc64le",
"product": {
"name": "ghostscript-9.26a-23.25.1.ppc64le",
"product_id": "ghostscript-9.26a-23.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.ppc64le",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.ppc64le",
"product_id": "ghostscript-devel-9.26a-23.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.ppc64le",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.ppc64le",
"product_id": "ghostscript-mini-9.26a-23.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.ppc64le",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.ppc64le",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.ppc64le",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.ppc64le",
"product_id": "ghostscript-x11-9.26a-23.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.s390",
"product": {
"name": "ghostscript-9.26a-23.25.1.s390",
"product_id": "ghostscript-9.26a-23.25.1.s390"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.s390",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.s390",
"product_id": "ghostscript-devel-9.26a-23.25.1.s390"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.s390",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.s390",
"product_id": "ghostscript-mini-9.26a-23.25.1.s390"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.s390",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.s390",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.s390"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.s390",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.s390",
"product_id": "ghostscript-x11-9.26a-23.25.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.s390x",
"product": {
"name": "ghostscript-9.26a-23.25.1.s390x",
"product_id": "ghostscript-9.26a-23.25.1.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.s390x",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.s390x",
"product_id": "ghostscript-devel-9.26a-23.25.1.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.s390x",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.s390x",
"product_id": "ghostscript-mini-9.26a-23.25.1.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.s390x",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.s390x",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.s390x",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.s390x",
"product_id": "ghostscript-x11-9.26a-23.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-23.25.1.x86_64",
"product": {
"name": "ghostscript-9.26a-23.25.1.x86_64",
"product_id": "ghostscript-9.26a-23.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-23.25.1.x86_64",
"product": {
"name": "ghostscript-devel-9.26a-23.25.1.x86_64",
"product_id": "ghostscript-devel-9.26a-23.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-23.25.1.x86_64",
"product": {
"name": "ghostscript-mini-9.26a-23.25.1.x86_64",
"product_id": "ghostscript-mini-9.26a-23.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-23.25.1.x86_64",
"product": {
"name": "ghostscript-mini-devel-9.26a-23.25.1.x86_64",
"product_id": "ghostscript-mini-devel-9.26a-23.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-23.25.1.x86_64",
"product": {
"name": "ghostscript-x11-9.26a-23.25.1.x86_64",
"product_id": "ghostscript-x11-9.26a-23.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-23.25.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.aarch64"
},
"product_reference": "ghostscript-devel-9.26a-23.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-23.25.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.ppc64le"
},
"product_reference": "ghostscript-devel-9.26a-23.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-23.25.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.s390x"
},
"product_reference": "ghostscript-devel-9.26a-23.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-devel-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.aarch64"
},
"product_reference": "ghostscript-9.26a-23.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.ppc64le"
},
"product_reference": "ghostscript-9.26a-23.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.s390x"
},
"product_reference": "ghostscript-9.26a-23.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.aarch64"
},
"product_reference": "ghostscript-9.26a-23.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.ppc64le"
},
"product_reference": "ghostscript-9.26a-23.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.s390x"
},
"product_reference": "ghostscript-9.26a-23.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-23.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64"
},
"product_reference": "ghostscript-x11-9.26a-23.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10216"
}
],
"notes": [
{
"category": "general",
"text": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10216",
"url": "https://www.suse.com/security/cve/CVE-2019-10216"
},
{
"category": "external",
"summary": "SUSE Bug 1144621 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1144621"
},
{
"category": "external",
"summary": "SUSE Bug 1146882 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1146882"
},
{
"category": "external",
"summary": "SUSE Bug 1146884 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1146884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ghostscript-x11-9.26a-23.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:ghostscript-devel-9.26a-23.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T12:51:22Z",
"details": "moderate"
}
],
"title": "CVE-2019-10216"
}
]
}
SUSE-SU-2019:2348-1
Vulnerability from csaf_suse - Published: 2019-09-10 12:51 - Updated: 2019-09-10 12:51Summary
Security update for ghostscript
Severity
Moderate
Notes
Title of the patch: Security update for ghostscript
Description of the patch: This update for ghostscript fixes the following issues:
Security issue fixed:
- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).
Patchnames: SUSE-2019-2348,SUSE-SLE-Module-Basesystem-15-2019-2348,SUSE-SLE-Module-Basesystem-15-SP1-2019-2348,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2348,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2348
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ghostscript",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ghostscript fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2348,SUSE-SLE-Module-Basesystem-15-2019-2348,SUSE-SLE-Module-Basesystem-15-SP1-2019-2348,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2348,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2348",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2348-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2348-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192348-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2348-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005903.html"
},
{
"category": "self",
"summary": "SUSE Bug 1144621",
"url": "https://bugzilla.suse.com/1144621"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10216 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10216/"
}
],
"title": "Security update for ghostscript",
"tracking": {
"current_release_date": "2019-09-10T12:51:46Z",
"generator": {
"date": "2019-09-10T12:51:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2348-1",
"initial_release_date": "2019-09-10T12:51:46Z",
"revision_history": [
{
"date": "2019-09-10T12:51:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-3.18.2.aarch64",
"product": {
"name": "ghostscript-9.26a-3.18.2.aarch64",
"product_id": "ghostscript-9.26a-3.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-3.18.2.aarch64",
"product": {
"name": "ghostscript-devel-9.26a-3.18.2.aarch64",
"product_id": "ghostscript-devel-9.26a-3.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-3.18.2.aarch64",
"product": {
"name": "ghostscript-mini-9.26a-3.18.2.aarch64",
"product_id": "ghostscript-mini-9.26a-3.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-3.18.2.aarch64",
"product": {
"name": "ghostscript-mini-devel-9.26a-3.18.2.aarch64",
"product_id": "ghostscript-mini-devel-9.26a-3.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-3.18.2.aarch64",
"product": {
"name": "ghostscript-x11-9.26a-3.18.2.aarch64",
"product_id": "ghostscript-x11-9.26a-3.18.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-3.18.2.i586",
"product": {
"name": "ghostscript-9.26a-3.18.2.i586",
"product_id": "ghostscript-9.26a-3.18.2.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-3.18.2.i586",
"product": {
"name": "ghostscript-devel-9.26a-3.18.2.i586",
"product_id": "ghostscript-devel-9.26a-3.18.2.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-3.18.2.i586",
"product": {
"name": "ghostscript-mini-9.26a-3.18.2.i586",
"product_id": "ghostscript-mini-9.26a-3.18.2.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-3.18.2.i586",
"product": {
"name": "ghostscript-mini-devel-9.26a-3.18.2.i586",
"product_id": "ghostscript-mini-devel-9.26a-3.18.2.i586"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-3.18.2.i586",
"product": {
"name": "ghostscript-x11-9.26a-3.18.2.i586",
"product_id": "ghostscript-x11-9.26a-3.18.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-3.18.2.ppc64le",
"product": {
"name": "ghostscript-9.26a-3.18.2.ppc64le",
"product_id": "ghostscript-9.26a-3.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-3.18.2.ppc64le",
"product": {
"name": "ghostscript-devel-9.26a-3.18.2.ppc64le",
"product_id": "ghostscript-devel-9.26a-3.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-3.18.2.ppc64le",
"product": {
"name": "ghostscript-mini-9.26a-3.18.2.ppc64le",
"product_id": "ghostscript-mini-9.26a-3.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-3.18.2.ppc64le",
"product": {
"name": "ghostscript-mini-devel-9.26a-3.18.2.ppc64le",
"product_id": "ghostscript-mini-devel-9.26a-3.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-3.18.2.ppc64le",
"product": {
"name": "ghostscript-x11-9.26a-3.18.2.ppc64le",
"product_id": "ghostscript-x11-9.26a-3.18.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-3.18.2.s390x",
"product": {
"name": "ghostscript-9.26a-3.18.2.s390x",
"product_id": "ghostscript-9.26a-3.18.2.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-3.18.2.s390x",
"product": {
"name": "ghostscript-devel-9.26a-3.18.2.s390x",
"product_id": "ghostscript-devel-9.26a-3.18.2.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-3.18.2.s390x",
"product": {
"name": "ghostscript-mini-9.26a-3.18.2.s390x",
"product_id": "ghostscript-mini-9.26a-3.18.2.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-3.18.2.s390x",
"product": {
"name": "ghostscript-mini-devel-9.26a-3.18.2.s390x",
"product_id": "ghostscript-mini-devel-9.26a-3.18.2.s390x"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-3.18.2.s390x",
"product": {
"name": "ghostscript-x11-9.26a-3.18.2.s390x",
"product_id": "ghostscript-x11-9.26a-3.18.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ghostscript-9.26a-3.18.2.x86_64",
"product": {
"name": "ghostscript-9.26a-3.18.2.x86_64",
"product_id": "ghostscript-9.26a-3.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-devel-9.26a-3.18.2.x86_64",
"product": {
"name": "ghostscript-devel-9.26a-3.18.2.x86_64",
"product_id": "ghostscript-devel-9.26a-3.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-9.26a-3.18.2.x86_64",
"product": {
"name": "ghostscript-mini-9.26a-3.18.2.x86_64",
"product_id": "ghostscript-mini-9.26a-3.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-mini-devel-9.26a-3.18.2.x86_64",
"product": {
"name": "ghostscript-mini-devel-9.26a-3.18.2.x86_64",
"product_id": "ghostscript-mini-devel-9.26a-3.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "ghostscript-x11-9.26a-3.18.2.x86_64",
"product": {
"name": "ghostscript-x11-9.26a-3.18.2.x86_64",
"product_id": "ghostscript-x11-9.26a-3.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-devel-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-devel-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.aarch64"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.ppc64le"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.s390x"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ghostscript-x11-9.26a-3.18.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.x86_64"
},
"product_reference": "ghostscript-x11-9.26a-3.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10216"
}
],
"notes": [
{
"category": "general",
"text": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10216",
"url": "https://www.suse.com/security/cve/CVE-2019-10216"
},
{
"category": "external",
"summary": "SUSE Bug 1144621 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1144621"
},
{
"category": "external",
"summary": "SUSE Bug 1146882 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1146882"
},
{
"category": "external",
"summary": "SUSE Bug 1146884 for CVE-2019-10216",
"url": "https://bugzilla.suse.com/1146884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ghostscript-x11-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-devel-9.26a-3.18.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ghostscript-x11-9.26a-3.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T12:51:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-10216"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…