Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:CentOS Local Security Checks
Title:CentOS Update for ghostscript CESA-2019:0229 centos7
Summary:The remote host is missing an update for the 'ghostscript'; package(s) announced via the CESA-2019:0229 advisory.
The remote host is missing an update for the 'ghostscript'
package(s) announced via the CESA-2019:0229 advisory.

Vulnerability Insight:
The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: use-after-free in copydevice handling (699661)

* ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475)

* ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)

* ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477)

* ghostscript: subroutines within pseudo-operators must themselves be
pseudo-operators (700317) (CVE-2019-6116)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for
reporting CVE-2019-6116.

Bug Fix(es):

* Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during
the standard input reading, causing a '/invalidfileaccess in --run--'
error. With this update, the regression has been fixed and the described
error no longer occurs. (BZ#1665919)

Affected Software/OS:
ghostscript on CentOS 7.

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-6116
BugTraq ID: 106700
Bugtraq: 20190402 [slackware-security] ghostscript (SSA:2019-092-01) (Google Search)
Debian Security Information: DSA-4372 (Google Search)
RedHat Security Advisories: RHBA-2019:0327
RedHat Security Advisories: RHSA-2019:0229
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.