
Test ID: 1.3.6.1.4.1.25623.1.0.882624
Category: CentOS Local Security Checks
Title: CentOS Update for ghostscript CESA-2017:0013 centos7
Summary: Check the version of ghostscript
Description:
Summary:
Check the version of ghostscript

Vulnerability Insight:
The Ghostscript suite contains utilities
for rendering PostScript and PDF documents. Ghostscript translates PostScript
code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was found that the ghostscript functions getenv, filenameforall and
.libfile did not honor the -dSAFER option, usually used when processing
untrusted documents, leading to information disclosure. A specially crafted
postscript document could read environment variables, list directories and
retrieve file content respectively, from the target. (CVE-2013-5653,
CVE-2016-7977)

* It was found that the ghostscript function .setdevice suffered a
use-after-free vulnerability due to an incorrect reference count. A
specially crafted postscript document could trigger code execution in the
context of the gs process. (CVE-2016-7978)

* It was found that the ghostscript function .initialize_dsc_parser did not
validate its parameter before using it, allowing a type confusion flaw. A
specially crafted postscript document could cause a crash or code execution in
the context of the gs process. (CVE-2016-7979)

* It was found that ghostscript did not sufficiently check the validity of
parameters given to the .sethalftone5 function. A specially crafted
postscript document could cause a crash, or execute arbitrary code in the
context of the gs process. (CVE-2016-8602)

Affected Software/OS:
ghostscript on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-5653
BugTraq ID: 96497
http://www.securityfocus.com/bid/96497
Debian Security Information: DSA-3691
http://www.debian.org/security/2016/dsa-3691
http://www.openwall.com/lists/oss-security/2016/09/29/28
http://www.openwall.com/lists/oss-security/2016/09/29/5
RedHat Security Advisories: RHSA-2017:0013
http://rhn.redhat.com/errata/RHSA-2017-0013.html
RedHat Security Advisories: RHSA-2017:0014
http://rhn.redhat.com/errata/RHSA-2017-0014.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7977
BugTraq ID: 95334
http://www.securityfocus.com/bid/95334
https://security.gentoo.org/glsa/201702-31
http://www.openwall.com/lists/oss-security/2016/10/05/15
Common Vulnerability Exposure (CVE) ID: CVE-2016-7978
BugTraq ID: 95336
http://www.securityfocus.com/bid/95336
Common Vulnerability Exposure (CVE) ID: CVE-2016-7979
BugTraq ID: 95337
http://www.securityfocus.com/bid/95337
Common Vulnerability Exposure (CVE) ID: CVE-2016-8602
BugTraq ID: 95311
http://www.securityfocus.com/bid/95311
http://www.openwall.com/lists/oss-security/2016/10/11/5
http://www.openwall.com/lists/oss-security/2016/10/11/7
Copyright: Copyright (C) 2017 Greenbone Networks GmbH
