安全公告详情

NS-SA-2019-0035

2019-07-17 14:56:05

简介

critical: ghostscript/java-1.8.0-openjdk security update

严重级别

critical

主题

An update for ghostscript/java-1.8.0-openjdk is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

ghostscript: Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package.
java-1.8.0-openjdk: The OpenJDK API documentation.


Security Fix(es):
ghostscript: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.(CVE-2018-10194)
ghostscript: It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.(CVE-2018-15910)
ghostscript: It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.(CVE-2018-16509)
ghostscript: It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document.(CVE-2018-16542)
ghostscript: bugfix
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)(CVE-2018-3214)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)(CVE-2018-3139)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)(CVE-2018-3180)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)(CVE-2018-3136)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)(CVE-2018-3149)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)(CVE-2018-3169)
java-1.8.0-openjdk: ulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)(CVE-2018-3183)
java-1.8.0-openjdk: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F7.

影响组件

  • ghostscript
  • java-1.8.0-openjdk

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["ghostscript-9.07-29.el7_5.2.x86_64.rpm","ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm","ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm","ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm","ghostscript-doc-9.07-29.el7_5.2.noarch.rpm","ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm"],"source":"ghostscript-9.07-29.el7_5.2.src.rpm"},{"binary":["java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-accessibility-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-accessibility-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-debuginfo-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-demo-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-javadoc-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-zip-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-src-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-src-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm"],"source":"java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["ghostscript-9.07-29.el7_5.2.x86_64.rpm","ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm","ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm","ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm","ghostscript-doc-9.07-29.el7_5.2.noarch.rpm","ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm"],"source":"ghostscript-9.07-29.el7_5.2.src.rpm"},{"binary":["java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-accessibility-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-accessibility-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-debuginfo-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-demo-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-demo-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-devel-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-headless-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-javadoc-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-debug-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-zip-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.191.b12-0.el7_5.noarch.rpm","java-1.8.0-openjdk-src-1.8.0.191.b12-0.el7_5.x86_64.rpm","java-1.8.0-openjdk-src-debug-1.8.0.191.b12-0.el7_5.x86_64.rpm"],"source":"java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.src.rpm"}]}]}

CVE

参考