ID de Prueba:	1.3.6.1.4.1.25623.1.0.883005
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ghostscript CESA-2019:0229 centos7
Resumen:	The remote host is missing an update for the 'ghostscript'; package(s) announced via the CESA-2019:0229 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the CESA-2019:0229 advisory. Vulnerability Insight: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es): * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919) Affected Software/OS: ghostscript on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16540 Debian Security Information: DSA-4288 (Google Search) https://www.debian.org/security/2018/dsa-4288 https://security.gentoo.org/glsa/201811-12 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e https://bugs.ghostscript.com/show_bug.cgi?id=699661 https://www.artifex.com/news/ghostscript-security-resolved/ https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2019:0229 https://access.redhat.com/errata/RHSA-2019:0229 https://usn.ubuntu.com/3768-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19475 BugTraq ID: 106154 http://www.securityfocus.com/bid/106154 Debian Security Information: DSA-4346 (Google Search) https://www.debian.org/security/2018/dsa-4346 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 https://bugs.ghostscript.com/show_bug.cgi?id=700153 https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html https://usn.ubuntu.com/3831-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-19476 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16 https://bugs.ghostscript.com/show_bug.cgi?id=700169 Common Vulnerability Exposure (CVE) ID: CVE-2018-19477 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03 https://bugs.ghostscript.com/show_bug.cgi?id=700168 Common Vulnerability Exposure (CVE) ID: CVE-2019-6116 BugTraq ID: 106700 http://www.securityfocus.com/bid/106700 Bugtraq: 20190402 [slackware-security] ghostscript (SSA:2019-092-01) (Google Search) https://seclists.org/bugtraq/2019/Apr/4 Debian Security Information: DSA-4372 (Google Search) https://www.debian.org/security/2019/dsa-4372 https://www.exploit-db.com/exploits/46242/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/ https://security.gentoo.org/glsa/202004-03 http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1729 https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html http://www.openwall.com/lists/oss-security/2019/03/21/1 http://www.openwall.com/lists/oss-security/2019/01/23/5 https://usn.ubuntu.com/3866-1/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.