 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.882624 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for ghostscript CESA-2017:0013 centos7 |
| Resumen: | Check the version of ghostscript |
| Descripción: | Summary: Check the version of ghostscript Vulnerability Insight: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602) Affected Software/OS: ghostscript on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-5653 BugTraq ID: 96497 http://www.securityfocus.com/bid/96497 Debian Security Information: DSA-3691 (Google Search) http://www.debian.org/security/2016/dsa-3691 http://www.openwall.com/lists/oss-security/2016/09/29/28 http://www.openwall.com/lists/oss-security/2016/09/29/5 RedHat Security Advisories: RHSA-2017:0013 http://rhn.redhat.com/errata/RHSA-2017-0013.html RedHat Security Advisories: RHSA-2017:0014 http://rhn.redhat.com/errata/RHSA-2017-0014.html Common Vulnerability Exposure (CVE) ID: CVE-2016-7977 BugTraq ID: 95334 http://www.securityfocus.com/bid/95334 https://security.gentoo.org/glsa/201702-31 http://www.openwall.com/lists/oss-security/2016/10/05/15 Common Vulnerability Exposure (CVE) ID: CVE-2016-7978 BugTraq ID: 95336 http://www.securityfocus.com/bid/95336 Common Vulnerability Exposure (CVE) ID: CVE-2016-7979 BugTraq ID: 95337 http://www.securityfocus.com/bid/95337 Common Vulnerability Exposure (CVE) ID: CVE-2016-8602 BugTraq ID: 95311 http://www.securityfocus.com/bid/95311 http://www.openwall.com/lists/oss-security/2016/10/11/5 http://www.openwall.com/lists/oss-security/2016/10/11/7 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |