Lucene search
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-2460-1.NASLHistorySep 26, 2019 - 12:00 a.m.
SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:2460-1)
2019-09-2600:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
This update for ghostscript fixes the following issues :
Security issues fixed :
CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180)
CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156)
CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882)
CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882)
CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882)
CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2460-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(129381);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");
script_cve_id(
"CVE-2019-3835",
"CVE-2019-3839",
"CVE-2019-12973",
"CVE-2019-14811",
"CVE-2019-14812",
"CVE-2019-14813",
"CVE-2019-14817"
);
script_xref(name:"IAVB", value:"2019-B-0081-S");
script_name(english:"SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:2460-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for ghostscript fixes the following issues :
Security issues fixed :
CVE-2019-3835: Fixed an unauthorized file system access caused by an
available superexec operator. (bsc#1129180)
CVE-2019-3839: Fixed an unauthorized file system access caused by
available privileged operators. (bsc#1134156)
CVE-2019-12973: Fixed a denial-of-service vulnerability in the
OpenJPEG function opj_t1_encode_cblks. (bsc#1140359)
CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in
.pdf_hook_DSC_Creator. (bsc#1146882)
CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in
setuserparams. (bsc#1146882)
CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in
setsystemparams. (bsc#1146882)
CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in
.pdfexectoken and other procedures. (bsc#1146884)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129180");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129186");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134156");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1140359");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146882");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146884");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12973/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14811/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14812/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14813/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14817/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3835/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3839/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20192460-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e6b42cd");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2460=1
SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2019-2460=1
SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP1-2019-2460=1
SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-2460=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14813");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-mini");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-mini-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-mini-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-mini-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ghostscript-x11-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-mini-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-mini-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-mini-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-mini-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-x11-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"ghostscript-x11-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-mini-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-mini-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-mini-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-mini-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-x11-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"ghostscript-x11-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-mini-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-mini-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-mini-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-mini-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-x11-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"ghostscript-x11-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-mini-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-mini-debuginfo-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-mini-debugsource-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-mini-devel-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-x11-9.27-3.21.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"ghostscript-x11-debuginfo-9.27-3.21.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | ghostscript | p-cpe:/a:novell:suse_linux:ghostscript |
| novell | suse_linux | ghostscript-debuginfo | p-cpe:/a:novell:suse_linux:ghostscript-debuginfo |
| novell | suse_linux | ghostscript-debugsource | p-cpe:/a:novell:suse_linux:ghostscript-debugsource |
| novell | suse_linux | ghostscript-devel | p-cpe:/a:novell:suse_linux:ghostscript-devel |
| novell | suse_linux | ghostscript-mini | p-cpe:/a:novell:suse_linux:ghostscript-mini |
| novell | suse_linux | ghostscript-mini-debuginfo | p-cpe:/a:novell:suse_linux:ghostscript-mini-debuginfo |
| novell | suse_linux | ghostscript-mini-debugsource | p-cpe:/a:novell:suse_linux:ghostscript-mini-debugsource |
| novell | suse_linux | ghostscript-mini-devel | p-cpe:/a:novell:suse_linux:ghostscript-mini-devel |
| novell | suse_linux | ghostscript-x11 | p-cpe:/a:novell:suse_linux:ghostscript-x11 |
| novell | suse_linux | ghostscript-x11-debuginfo | p-cpe:/a:novell:suse_linux:ghostscript-x11-debuginfo |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3839
www.nessus.org/u?4e6b42cd
bugzilla.suse.com/show_bug.cgi?id=1129180
bugzilla.suse.com/show_bug.cgi?id=1129186
bugzilla.suse.com/show_bug.cgi?id=1134156
bugzilla.suse.com/show_bug.cgi?id=1140359
bugzilla.suse.com/show_bug.cgi?id=1146882
bugzilla.suse.com/show_bug.cgi?id=1146884
www.suse.com/security/cve/CVE-2019-12973/
www.suse.com/security/cve/CVE-2019-14811/
www.suse.com/security/cve/CVE-2019-14812/
www.suse.com/security/cve/CVE-2019-14813/
www.suse.com/security/cve/CVE-2019-14817/
www.suse.com/security/cve/CVE-2019-3835/
www.suse.com/security/cve/CVE-2019-3839/
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2478-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for ghostscript (openSUSE-SU-2019:2223-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2460-1)
2021-06-09 00:00:00
suse
suse
Security update for ghostscript (important)
2019-09-30 00:00:00
Security update for ghostscript (important)
2019-09-30 00:00:00
nessus
nessus
openSUSE Security Update : ghostscript (openSUSE-2019-2222)
2019-10-01 00:00:00
SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:2478-1)
2019-09-27 00:00:00
openSUSE Security Update : ghostscript (openSUSE-2019-2223)
2019-10-01 00:00:00
oraclelinux
oraclelinux
ghostscript security update
2019-09-06 00:00:00
ghostscript security update
2019-09-02 00:00:00
ghostscript security update
2019-07-30 00:00:00
osv
osv
ghostscript - security update
2019-09-07 00:00:00
ghostscript - security update
2019-09-09 00:00:00
CVE-2019-14813
2019-09-06 14:15:15
debian
debian
[SECURITY] [DLA 1915-1] ghostscript security update
2019-09-09 12:09:00
[SECURITY] [DSA 4518-1] ghostscript security update
2019-09-07 15:42:39
[SECURITY] [DSA 4518-1] ghostscript security update
2019-09-07 15:42:56
freebsd
freebsd
Ghostscript -- Security bypass vulnerabilities
2019-08-20 00:00:00
redhat
redhat
(RHSA-2019:2586) Important: ghostscript security update
2019-09-02 07:04:45
(RHSA-2019:2591) Important: ghostscript security update
2019-09-02 07:36:36
centos
centos
ghostscript, libgs security update
2019-09-18 18:44:20
ghostscript security update
2019-05-13 15:09:20
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2019-09-12 22:09:52
Updated openjpeg2 packages fix security vulnerability
2019-12-06 17:15:42
archlinux
archlinux
[ASA-201911-5] ghostscript: sandbox escape
2019-11-03 00:00:00
ubuntu
ubuntu
Ghostscript vulnerabilities
2019-08-29 00:00:00
Ghostscript vulnerability
2019-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ghostscript-9.27-1.fc31
2019-09-22 01:23:29
[SECURITY] Fedora 29 Update: ghostscript-9.27-1.fc29
2019-09-28 01:56:58
[SECURITY] Fedora 30 Update: ghostscript-9.27-1.fc30
2019-09-25 01:09:18
gentoo
gentoo
GPL Ghostscript: Multiple vulnerabilities
2020-04-01 00:00:00
amazon
amazon
Important: ghostscript
2021-02-17 00:58:00
Low: ghostscript
2023-03-17 16:35:00
alpinelinux
alpinelinux
cvelist
cvelist
prion
prion
Command injection
2019-09-03 16:15:00
Command injection
2019-09-06 14:15:00
Command injection
2019-09-03 16:15:00
veracode
veracode
Safer Restriction Bypass
2019-09-03 00:20:39
Denial Of Service (DoS)
2020-09-18 07:31:19
Safer Restriction Bypass
2019-09-03 00:20:36
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
redhatcve
redhatcve
symantec
symantec
Artifex Ghostscript CVE-2019-14812 Remote Privilege Escalation Vulnerability
2019-08-20 00:00:00
Related for SUSE_SU-2019-2460-1.NASL