Download
| Alert*
oval:org.secpod.oval:def:89043977
This update for ghostscript-library fixes the following issues: Security issue fixed: - CVE-2019-3838: Fixed various bugs which allows to reenable and misuse system Postscript operators to read files from within Postscript files and send them with the help of e.g. the %pipe% to the attacker . oval:org.secpod.oval:def:66426 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ... oval:org.secpod.oval:def:89003371 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER . oval:org.secpod.oval:def:70168 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:54507 Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. oval:org.secpod.oval:def:116224 This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ... oval:org.secpod.oval:def:116183 This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ... oval:org.secpod.oval:def:502692 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ... oval:org.secpod.oval:def:502630 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ... oval:org.secpod.oval:def:1502662 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:53579 The host is installed with Artifex Ghostscript before 9.27 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript file. Successful exploitation could allow attackers to use this flaw in order to, for example, have ... oval:org.secpod.oval:def:1502468 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603851 Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. oval:org.secpod.oval:def:205177 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ... oval:org.secpod.oval:def:2104528 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. oval:org.secpod.oval:def:704838 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1700556 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protec ... |