ID de Prueba:	1.3.6.1.4.1.25623.1.0.63764
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0420
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2009:0420. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792) A missing boundary check was found in Ghostscript's CCITTFax decoding filter. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2007-6725) Users of ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-0420.html http://www.redhat.com/security/updates/classification/#moderate CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6725 BugTraq ID: 34337 http://www.securityfocus.com/bid/34337 Bugtraq: 20090417 rPSA-2009-0060-1 ghostscript (Google Search) http://www.securityfocus.com/archive/1/502757/100/0/threaded http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 http://www.openwall.com/lists/oss-security/2009/04/01/10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507 http://www.redhat.com/support/errata/RHSA-2009-0420.html http://www.redhat.com/support/errata/RHSA-2009-0421.html http://secunia.com/advisories/34726 http://secunia.com/advisories/34729 http://secunia.com/advisories/34732 http://secunia.com/advisories/35416 http://secunia.com/advisories/35559 http://secunia.com/advisories/35569 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html https://usn.ubuntu.com/757-1/ http://www.vupen.com/english/advisories/2009/1708 Common Vulnerability Exposure (CVE) ID: CVE-2009-0792 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html http://security.gentoo.org/glsa/glsa-201412-17.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207 http://secunia.com/advisories/34373 http://secunia.com/advisories/34667 http://secunia.com/advisories/34711 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html XForce ISS Database: ghostscript-icc-bo(50381) https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 Common Vulnerability Exposure (CVE) ID: CVE-2009-0583 AUSCERT Advisory: ESB-2009.0259 http://www.auscert.org.au/render.html?it=10666 BugTraq ID: 34184 http://www.securityfocus.com/bid/34184 Bugtraq: 20090319 rPSA-2009-0050-1 ghostscript (Google Search) http://www.securityfocus.com/archive/1/501994/100/0/threaded Debian Security Information: DSA-1746 (Google Search) http://www.debian.org/security/2009/dsa-1746 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 http://www.redhat.com/support/errata/RHSA-2009-0345.html http://securitytracker.com/id?1021868 http://secunia.com/advisories/34266 http://secunia.com/advisories/34381 http://secunia.com/advisories/34393 http://secunia.com/advisories/34398 http://secunia.com/advisories/34418 http://secunia.com/advisories/34437 http://secunia.com/advisories/34443 http://secunia.com/advisories/34469 SuSE Security Announcement: SUSE-SR:2009:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://www.ubuntu.com/usn/USN-743-1 http://www.vupen.com/english/advisories/2009/0776 http://www.vupen.com/english/advisories/2009/0777 http://www.vupen.com/english/advisories/2009/0816 XForce ISS Database: ghostscript-icclib-native-color-bo(49329) https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.