CentOS Local Security Checks : CentOS Update for ghostscript CESA-2012:1256 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881492

Categoría: CentOS Local Security Checks

Título: CentOS Update for ghostscript CESA-2012:1256 centos6

Resumen: The remote host is missing an update for the 'ghostscript'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'ghostscript'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in Ghostscript's International Color Consortium Format library
(icclib). An attacker could create a specially-crafted PostScript or PDF
file with embedded images that would cause Ghostscript to crash or,
potentially, execute arbitrary code with the privileges of the user running
Ghostscript. (CVE-2012-4405)

Red Hat would like to thank Marc Schönefeld for reporting this issue.

Users of Ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Affected Software/OS:
ghostscript on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4405
1027517
http://www.securitytracker.com/id?1027517
50719
http://secunia.com/advisories/50719
55494
http://www.securityfocus.com/bid/55494
GLSA-201412-17
http://security.gentoo.org/glsa/glsa-201412-17.xml
MDVSA-2012:151
http://www.mandriva.com/security/advisories?name=MDVSA-2012:151
MDVSA-2013:089
http://www.mandriva.com/security/advisories?name=MDVSA-2013:089
MDVSA-2013:090
http://www.mandriva.com/security/advisories?name=MDVSA-2013:090
RHSA-2012:1256
http://rhn.redhat.com/errata/RHSA-2012-1256.html
SUSE-SU-2012:1222
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html
USN-1581-1
http://www.ubuntu.com/usn/USN-1581-1
[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
http://www.openwall.com/lists/oss-security/2012/09/11/2
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301
icclib-pdf-bo(78411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78411
openSUSE-SU-2012:1289
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html
openSUSE-SU-2012:1290
http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881492
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ghostscript CESA-2012:1256 centos6
Resumen:	The remote host is missing an update for the 'ghostscript'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the referenced advisory. Vulnerability Insight: Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schönefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: ghostscript on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4405 1027517 http://www.securitytracker.com/id?1027517 50719 http://secunia.com/advisories/50719 55494 http://www.securityfocus.com/bid/55494 GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml MDVSA-2012:151 http://www.mandriva.com/security/advisories?name=MDVSA-2012:151 MDVSA-2013:089 http://www.mandriva.com/security/advisories?name=MDVSA-2013:089 MDVSA-2013:090 http://www.mandriva.com/security/advisories?name=MDVSA-2013:090 RHSA-2012:1256 http://rhn.redhat.com/errata/RHSA-2012-1256.html SUSE-SU-2012:1222 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html USN-1581-1 http://www.ubuntu.com/usn/USN-1581-1 [oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write http://www.openwall.com/lists/oss-security/2012/09/11/2 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301 icclib-pdf-bo(78411) https://exchange.xforce.ibmcloud.com/vulnerabilities/78411 openSUSE-SU-2012:1289 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html openSUSE-SU-2012:1290 http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html
Copyright	Copyright (C) 2012 Greenbone AG