English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880806
Category:CentOS Local Security Checks
Title:CentOS Update for ghostscript CESA-2009:0345 centos3 i386
Summary:The remote host is missing an update for the 'ghostscript'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'ghostscript'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Ghostscript is a set of software that provides a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files.

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)

All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.

Affected Software/OS:
ghostscript on CentOS 3

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0583
1021868
http://securitytracker.com/id?1021868
20090319 rPSA-2009-0050-1 ghostscript
http://www.securityfocus.com/archive/1/501994/100/0/threaded
262288
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
34184
http://www.securityfocus.com/bid/34184
34266
http://secunia.com/advisories/34266
34373
http://secunia.com/advisories/34373
34381
http://secunia.com/advisories/34381
34393
http://secunia.com/advisories/34393
34398
http://secunia.com/advisories/34398
34418
http://secunia.com/advisories/34418
34437
http://secunia.com/advisories/34437
34443
http://secunia.com/advisories/34443
34469
http://secunia.com/advisories/34469
34729
http://secunia.com/advisories/34729
35559
http://secunia.com/advisories/35559
35569
http://secunia.com/advisories/35569
ADV-2009-0776
http://www.vupen.com/english/advisories/2009/0776
ADV-2009-0777
http://www.vupen.com/english/advisories/2009/0777
ADV-2009-0816
http://www.vupen.com/english/advisories/2009/0816
ADV-2009-1708
http://www.vupen.com/english/advisories/2009/1708
DSA-1746
http://www.debian.org/security/2009/dsa-1746
ESB-2009.0259
http://www.auscert.org.au/render.html?it=10666
FEDORA-2009-2883
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
FEDORA-2009-2885
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
FEDORA-2009-3011
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
FEDORA-2009-3031
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
GLSA-200903-37
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
MDVSA-2009:096
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
RHSA-2009:0345
http://www.redhat.com/support/errata/RHSA-2009-0345.html
SUSE-SR:2009:007
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
USN-743-1
http://www.ubuntu.com/usn/USN-743-1
USN-757-1
https://usn.ubuntu.com/757-1/
ghostscript-icclib-native-color-bo(49329)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://issues.rpath.com/browse/RPL-2991
oval:org.mitre.oval:def:10795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
Common Vulnerability Exposure (CVE) ID: CVE-2009-0584
52988
http://osvdb.org/52988
ghostscript-icclib-bo(49327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://bugzilla.redhat.com/show_bug.cgi?id=487744
oval:org.mitre.oval:def:10544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.