Test ID:	1.3.6.1.4.1.25623.1.0.68433
Category:	Fedora Local Security Checks
Title:	Fedora Core 12 FEDORA-2010-14633 (ghostscript)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ghostscript announced via advisory FEDORA-2010-14633. Update Information: This package fixes a security problem (CVE-2010-2055) in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour. Additionally, several other bugs have been fixed: scripts defining GS_EXECUTABLE have been corrected an epstopdf failure has been fixed some crashes that could occur in some situations have been fixed the Fontmap.local file is once again honoured. Further, the cups driver can now use automatic memory allocation. To enable this feature, put RIPCache auto in /etc/cups/cupsd.conf. References: [ 1 ] Bug #599564 - CVE-2010-2055 Ghostscript: reads initialization files from CWD https://bugzilla.redhat.com/show_bug.cgi?id=599564 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update ghostscript' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-14633 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2055 20100522 Ghostscript 8.64 executes random code at startup http://www.securityfocus.com/archive/1/511433 20100526 Re: Ghostscript 8.64 executes random code at startup http://www.securityfocus.com/archive/1/511472 http://www.securityfocus.com/archive/1/511474 http://www.securityfocus.com/archive/1/511476 40452 http://secunia.com/advisories/40452 40475 http://secunia.com/advisories/40475 40532 http://secunia.com/advisories/40532 66247 http://www.osvdb.org/66247 ADV-2010-1757 http://www.vupen.com/english/advisories/2010/1757 FEDORA-2010-10642 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html FEDORA-2010-10660 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml RHSA-2012:0095 https://rhn.redhat.com/errata/RHSA-2012-0095.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316 http://bugs.ghostscript.com/show_bug.cgi?id=691339 http://bugs.ghostscript.com/show_bug.cgi?id=691350 http://savannah.gnu.org/forum/forum.php?forum_id=6368 https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.redhat.com/show_bug.cgi?id=599564 Common Vulnerability Exposure (CVE) ID: CVE-2010-1628 20100511 Multiple memory corruption vulnerabilities in Ghostscript http://seclists.org/fulldisclosure/2010/May/134 20100512 Multiple memory corruption vulnerabilities in Ghostscript http://www.securityfocus.com/archive/1/511243/100/0/threaded 39753 http://secunia.com/advisories/39753 40107 http://www.securityfocus.com/bid/40107 40580 http://secunia.com/advisories/40580 ADV-2010-1138 http://www.vupen.com/english/advisories/2010/1138 MDVSA-2010:134 http://www.mandriva.com/security/advisories?name=MDVSA-2010:134 USN-961-1 http://www.ubuntu.com/usn/USN-961-1 [oss-security] 20100511 Re: CVE assignment: ghostscript stack-based overflow http://www.openwall.com/lists/oss-security/2010/05/12/1 [oss-security] 20100518 Re: CVE assignment: ghostscript stack-based overflow http://www.openwall.com/lists/oss-security/2010/05/18/7 http://bugs.ghostscript.com/show_bug.cgi?id=691295 https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 Common Vulnerability Exposure (CVE) ID: CVE-2009-4270 37410 http://www.securityfocus.com/bid/37410 37851 http://secunia.com/advisories/37851 61140 http://osvdb.org/61140 ADV-2009-3597 http://www.vupen.com/english/advisories/2009/3597 MDVSA-2010:135 http://www.mandriva.com/security/advisories?name=MDVSA-2010:135 [oss-security] 20091217 possible vulnerability in ghostscript >= 8.64 http://www.openwall.com/lists/oss-security/2009/12/18/1 [oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64 http://www.openwall.com/lists/oss-security/2009/12/18/2 http://bugs.ghostscript.com/show_bug.cgi?id=690829 https://bugzilla.redhat.com/show_bug.cgi?id=540760
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.