ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0355
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0355)
Resumen:	The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0355 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0355 advisory. Vulnerability Insight: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9611) The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9612) The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9726) The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9727) The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9739) The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. (CVE-2017-9835) psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. (CVE-2017-11714) Affected Software/OS: 'ghostscript' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11714 Debian Security Information: DSA-3986 (Google Search) http://www.debian.org/security/2017/dsa-3986 https://security.gentoo.org/glsa/201811-12 http://www.securitytracker.com/id/1039233 Common Vulnerability Exposure (CVE) ID: CVE-2017-9611 BugTraq ID: 99975 http://www.securityfocus.com/bid/99975 Common Vulnerability Exposure (CVE) ID: CVE-2017-9612 BugTraq ID: 99979 http://www.securityfocus.com/bid/99979 Common Vulnerability Exposure (CVE) ID: CVE-2017-9726 BugTraq ID: 99992 http://www.securityfocus.com/bid/99992 Common Vulnerability Exposure (CVE) ID: CVE-2017-9727 BugTraq ID: 99999 http://www.securityfocus.com/bid/99999 Common Vulnerability Exposure (CVE) ID: CVE-2017-9739 BugTraq ID: 99987 http://www.securityfocus.com/bid/99987 Common Vulnerability Exposure (CVE) ID: CVE-2017-9835 BugTraq ID: 99991 http://www.securityfocus.com/bid/99991
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.