Bugzilla – Bug 939342
VUL-0: CVE-2015-3228: ghostscript,ghostscript-library: out of bound read/write caused by integer overflow
Last modified: 2019-05-01 16:49:47 UTC

Created attachment 641908: Reproducer

CVE-2015-3228

Overflow in gs_heap_alloc_bytes().

Upstream bug:
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070

Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3228
http://seclists.org/oss-sec/2015/q3/183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070

An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-08-11. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62237

Fixed and submitted for openSUSE 13.2
-----------------------------------------------------------------------------
$ osc maintenancerequest -m 'Fixed CVE-2015-3228 (bsc#939342)' home:jsmeix:branches:openSUSE:13.2:Update ghostscript.openSUSE_13.2_Update openSUSE:13.2:Update
Using target project 'openSUSE:Maintenance'
319390
-----------------------------------------------------------------------------

This is an autogenerated message for OBS integration:
This bug (939342) was mentioned in
https://build.opensuse.org/request/show/319390 13.2 / ghostscript

Fixed and submitted for openSUSE 13.1
-------------------------------------------------------------------------
$ osc maintenancerequest -m 'Fixed CVE-2015-3228 (bsc#939342)' home:jsmeix:branches:openSUSE:13.1:Update ghostscript.openSUSE_13.1_Update openSUSE:13.1:Update
Using target project 'openSUSE:Maintenance'
319411
-------------------------------------------------------------------------

Fixed and submitted for "Printing" and forwarded to Factory
-------------------------------------------------------------------------
$ osc submitrequest -m 'Fixed CVE-2015-3228 (bsc#939342)' home:jsmeix:branches:Printing ghostscript Printing ghostscript
created request id 319418
$ osc request accept -m 'Fixed CVE-2015-3228 (bsc#939342)' 319418
Result of change request state: ok
openSUSE:Factory
Forward this submit to it? ([y]/n)y
Fixed CVE-2015-3228 (bsc#939342) (forwarded request 319418 from jsmeix)
New request # 319420
-------------------------------------------------------------------------
The issue is now fixed everywhere.

Reopened and reassigned to security-team for further processing.

This is an autogenerated message for OBS integration:
This bug (939342) was mentioned in
https://build.opensuse.org/request/show/319411 13.1 / ghostscript
https://build.opensuse.org/request/show/319420 Factory / ghostscript

openSUSE-SU-2015:1352-1: An update that fixes one vulnerability is now available.
Category: security (low)
Bug References: 939342
CVE References: CVE-2015-3228
Sources used:
openSUSE 13.2 (src): ghostscript-9.15-3.1, ghostscript-mini-9.15-3.1
openSUSE 13.1 (src): ghostscript-9.07-3.3.1, ghostscript-mini-9.07-3.3.1

SUSE-SU-2016:0884-1: An update that solves one vulnerability and has one errata is now available.
Category: security (low)
Bug References: 939342,963017
CVE References: CVE-2015-3228
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): ghostscript-9.15-6.5
SUSE Linux Enterprise Software Development Kit 12 (src): ghostscript-9.15-6.5
SUSE Linux Enterprise Server 12-SP1 (src): ghostscript-9.15-6.5
SUSE Linux Enterprise Server 12 (src): ghostscript-9.15-6.5
SUSE Linux Enterprise Desktop 12-SP1 (src): ghostscript-9.15-6.5
SUSE Linux Enterprise Desktop 12 (src): ghostscript-9.15-6.5

openSUSE-SU-2016:0951-1: An update that solves one vulnerability and has one errata is now available.
Category: security (low)
Bug References: 939342,963017
CVE References: CVE-2015-3228
Sources used:
openSUSE Leap 42.1 (src): ghostscript-9.15-5.1, ghostscript-mini-9.15-5.1

SUSE-SU-2016:2493-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 1001951,939342
CVE References: CVE-2013-5653,CVE-2015-3228,CVE-2016-7977,CVE-2016-7979
Sources used:
SUSE OpenStack Cloud 5 (src): ghostscript-library-8.62-32.38.1
SUSE Manager Proxy 2.1 (src): ghostscript-library-8.62-32.38.1
SUSE Manager 2.1 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Server 11-SP4 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): ghostscript-library-8.62-32.38.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src): ghostscript-library-8.62-32.38.1

released