Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.882624 |
Kategorie: | CentOS Local Security Checks |
Titel: | CentOS Update for ghostscript CESA-2017:0013 centos7 |
Zusammenfassung: | Check the version of ghostscript |
Beschreibung: | Summary: Check the version of ghostscript Vulnerability Insight: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602) Affected Software/OS: ghostscript on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-5653 BugTraq ID: 96497 http://www.securityfocus.com/bid/96497 Debian Security Information: DSA-3691 (Google Search) http://www.debian.org/security/2016/dsa-3691 http://www.openwall.com/lists/oss-security/2016/09/29/28 http://www.openwall.com/lists/oss-security/2016/09/29/5 RedHat Security Advisories: RHSA-2017:0013 http://rhn.redhat.com/errata/RHSA-2017-0013.html RedHat Security Advisories: RHSA-2017:0014 http://rhn.redhat.com/errata/RHSA-2017-0014.html Common Vulnerability Exposure (CVE) ID: CVE-2016-7977 BugTraq ID: 95334 http://www.securityfocus.com/bid/95334 https://security.gentoo.org/glsa/201702-31 http://www.openwall.com/lists/oss-security/2016/10/05/15 Common Vulnerability Exposure (CVE) ID: CVE-2016-7978 BugTraq ID: 95336 http://www.securityfocus.com/bid/95336 Common Vulnerability Exposure (CVE) ID: CVE-2016-7979 BugTraq ID: 95337 http://www.securityfocus.com/bid/95337 Common Vulnerability Exposure (CVE) ID: CVE-2016-8602 BugTraq ID: 95311 http://www.securityfocus.com/bid/95311 http://www.openwall.com/lists/oss-security/2016/10/11/5 http://www.openwall.com/lists/oss-security/2016/10/11/7 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |