Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-127)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120483

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-127)

Resumen: The remote host is missing an update for the 'ghostscript' package(s) announced via the ALAS-2012-127 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ghostscript' package(s) announced via the ALAS-2012-127 advisory.

Vulnerability Insight:
An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

Affected Software/OS:
'ghostscript' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4405
1027517
http://www.securitytracker.com/id?1027517
50719
http://secunia.com/advisories/50719
55494
http://www.securityfocus.com/bid/55494
GLSA-201412-17
http://security.gentoo.org/glsa/glsa-201412-17.xml
MDVSA-2012:151
http://www.mandriva.com/security/advisories?name=MDVSA-2012:151
MDVSA-2013:089
http://www.mandriva.com/security/advisories?name=MDVSA-2013:089
MDVSA-2013:090
http://www.mandriva.com/security/advisories?name=MDVSA-2013:090
RHSA-2012:1256
http://rhn.redhat.com/errata/RHSA-2012-1256.html
SUSE-SU-2012:1222
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html
USN-1581-1
http://www.ubuntu.com/usn/USN-1581-1
[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
http://www.openwall.com/lists/oss-security/2012/09/11/2
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301
icclib-pdf-bo(78411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78411
openSUSE-SU-2012:1289
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html
openSUSE-SU-2012:1290
http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120483
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-127)
Resumen:	The remote host is missing an update for the 'ghostscript' package(s) announced via the ALAS-2012-127 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the ALAS-2012-127 advisory. Vulnerability Insight: An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Affected Software/OS: 'ghostscript' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4405 1027517 http://www.securitytracker.com/id?1027517 50719 http://secunia.com/advisories/50719 55494 http://www.securityfocus.com/bid/55494 GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml MDVSA-2012:151 http://www.mandriva.com/security/advisories?name=MDVSA-2012:151 MDVSA-2013:089 http://www.mandriva.com/security/advisories?name=MDVSA-2013:089 MDVSA-2013:090 http://www.mandriva.com/security/advisories?name=MDVSA-2013:090 RHSA-2012:1256 http://rhn.redhat.com/errata/RHSA-2012-1256.html SUSE-SU-2012:1222 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html USN-1581-1 http://www.ubuntu.com/usn/USN-1581-1 [oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write http://www.openwall.com/lists/oss-security/2012/09/11/2 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301 icclib-pdf-bo(78411) https://exchange.xforce.ibmcloud.com/vulnerabilities/78411 openSUSE-SU-2012:1289 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html openSUSE-SU-2012:1290 http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html
Copyright	Copyright (C) 2015 Greenbone AG