ID de Prueba:	1.3.6.1.4.1.25623.1.0.882976
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ghostscript CESA-2018:3650 centos7
Resumen:	The remote host is missing an update for the 'ghostscript'; package(s) announced via the CESA-2018:3650 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the CESA-2018:3650 advisory. Vulnerability Insight: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908) * ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909) * ghostscript: missing type check in type checker (699659) (CVE-2018-16511) * ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) (CVE-2018-16539) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-15908. Affected Software/OS: ghostscript on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-15908 Debian Security Information: DSA-4288 (Google Search) https://www.debian.org/security/2018/dsa-4288 https://security.gentoo.org/glsa/201811-12 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3 https://www.kb.cert.org/vuls/id/332928 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html RedHat Security Advisories: RHSA-2018:3650 https://access.redhat.com/errata/RHSA-2018:3650 https://usn.ubuntu.com/3768-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-15909 BugTraq ID: 105178 http://www.securityfocus.com/bid/105178 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6 Common Vulnerability Exposure (CVE) ID: CVE-2018-16511 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01 http://seclists.org/oss-sec/2018/q3/182 https://bugs.ghostscript.com/show_bug.cgi?id=699659 https://www.artifex.com/news/ghostscript-security-resolved/ Common Vulnerability Exposure (CVE) ID: CVE-2018-16539 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b https://bugs.ghostscript.com/show_bug.cgi?id=699658
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.