Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114201833301
HistoryJun 09, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2018:3330-1)

2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
5

7 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2018.3330.1");
  script_cve_id("CVE-2017-9611", "CVE-2018-15910", "CVE-2018-16509", "CVE-2018-16511", "CVE-2018-16513", "CVE-2018-16540", "CVE-2018-16541", "CVE-2018-16542");
  script_tag(name:"creation_date", value:"2021-06-09 14:57:35 +0000 (Wed, 09 Jun 2021)");
  script_version("2024-02-02T14:37:50+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-30 18:31:39 +0000 (Tue, 30 Oct 2018)");

  script_name("SUSE: Security Advisory (SUSE-SU-2018:3330-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0SP3|SLES11\.0SP4)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:3330-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20183330-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'ghostscript-library' package(s) announced via the SUSE-SU-2018:3330-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for ghostscript-library fixes the following issues:
CVE-2018-16511: A type confusion in 'ztype' could be used by remote
 attackers able to supply crafted PostScript to crash the interpreter or
 possibly have unspecified other impact. (bsc#1107426)

CVE-2018-16540: Attackers able to supply crafted PostScript files to the
 builtin PDF14 converter could use a use-after-free in copydevice
 handling to crash the interpreter or possibly have unspecified other
 impact. (bsc#1107420)

CVE-2018-16541: Attackers able to supply crafted PostScript files could
 use incorrect free logic in pagedevice replacement to crash the
 interpreter. (bsc#1107421)

CVE-2018-16542: Attackers able to supply crafted PostScript files could
 use insufficient interpreter stack-size checking during error handling
 to crash the interpreter. (bsc#1107413)

CVE-2018-16509: Incorrect 'restoration of privilege' checking during
 handling of /invalidaccess exceptions could be used by attackers able to
 supply crafted PostScript to execute code using the 'pipe' instruction.
 (bsc#1107410

CVE-2018-16513: Attackers able to supply crafted PostScript files could
 use a type confusion in the setcolor function to crash the interpreter
 or possibly have unspecified other impact. (bsc#1107412)

CVE-2018-15910: Attackers able to supply crafted PostScript files could
 use a type confusion in the LockDistillerParams parameter to crash the
 interpreter or execute code. (bsc#1106173)

CVE-2017-9611: The Ins_MIRP function allowed remote attackers to cause a
 denial of service (heap-based buffer over-read and application crash) or
 possibly have unspecified other impact via a crafted document.
 (bsc#1050893)");

  script_tag(name:"affected", value:"'ghostscript-library' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES11.0SP3") {

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-other", rpm:"ghostscript-fonts-other~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-rus", rpm:"ghostscript-fonts-rus~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-std", rpm:"ghostscript-fonts-std~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-library", rpm:"ghostscript-library~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-omni", rpm:"ghostscript-omni~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-x11", rpm:"ghostscript-x11~8.62~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgimpprint", rpm:"libgimpprint~4.2.7~32.47.13.1", rls:"SLES11.0SP3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES11.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-other", rpm:"ghostscript-fonts-other~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-rus", rpm:"ghostscript-fonts-rus~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-fonts-std", rpm:"ghostscript-fonts-std~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-library", rpm:"ghostscript-library~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-omni", rpm:"ghostscript-omni~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ghostscript-x11", rpm:"ghostscript-x11~8.62~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgimpprint", rpm:"libgimpprint~4.2.7~32.47.13.1", rls:"SLES11.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 47
openvas 26
ibm 1
oraclelinux 3
redhat 3
debian 3
amazon 2
centos 3
osv 7
mageia 1
redhatcve 29
suse 2
ubuntu 1
f5 2
fedora 3
prion 11
debiancve 11
cve 10
veracode 7
alpinelinux 2
ubuntucve 10
cvelist 11
gentoo 1
checkpoint_advisories 1
cert 1
slackware 1
nessus
nessus
SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:3330-1)
2018-10-24 00:00:00
EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2018-1430)
2018-12-28 00:00:00
Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2018-2918)
2018-11-21 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2018-1430)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2018-1404)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1176)
2020-01-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM
2018-12-17 14:30:02
oraclelinux
oraclelinux
ghostscript security update
2018-10-15 00:00:00
ghostscript security and bug fix update
2018-12-03 00:00:00
ghostscript security update
2018-12-03 00:00:00
redhat
redhat
(RHSA-2018:2918) Important: ghostscript security update
2018-10-16 01:32:18
(RHSA-2018:3760) Important: ghostscript security update
2018-12-03 21:13:23
(RHSA-2018:3761) Important: ghostscript security and bug fix update
2018-12-03 21:13:39
debian
debian
[SECURITY] [DSA 4288-1] ghostscript security update
2018-09-07 21:23:53
[SECURITY] [DLA 1504-1] ghostscript security update
2018-09-13 12:24:09
[SECURITY] [DSA 4294-1] ghostscript security update
2018-09-16 20:50:02
amazon
amazon
Important: ghostscript
2018-10-08 22:17:00
Important: ghostscript
2018-12-20 00:04:00
centos
centos
ghostscript security update
2018-10-15 21:01:33
ghostscript security update
2018-12-06 18:54:07
ghostscript security update
2018-12-13 20:45:18
osv
osv
ghostscript - security update
2018-09-07 00:00:00
ghostscript - security update
2018-09-13 00:00:00
CVE-2018-16513
2018-09-05 13:29:00
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2018-09-21 02:17:55
redhatcve
redhatcve
CVE-2018-16542
2018-09-06 04:49:22
CVE-2018-16540
2018-09-06 05:50:31
CVE-2018-15910
2018-08-28 00:51:08
suse
suse
Security update for ghostscript (important)
2018-10-05 21:10:24
Security update for ghostscript (important)
2018-10-05 21:13:14
ubuntu
ubuntu
Ghostscript vulnerabilities
2018-09-19 00:00:00
f5
f5
K22141757 : Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513
2019-11-05 00:00:00
K02495251 : Ghostscript vulnerability CVE-2018-16509 (VU#332928)
2018-09-26 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: ghostscript-9.22-5.fc27
2018-09-07 15:25:45
[SECURITY] Fedora 29 Update: ghostscript-9.24-3.fc29
2018-09-21 05:46:15
[SECURITY] Fedora 28 Update: ghostscript-9.24-1.fc28
2018-09-11 17:04:00
prion
prion
Heap overflow
2017-07-26 19:29:00
Type confusion
2018-09-05 13:29:00
Type confusion
2018-09-05 06:29:00
debiancve
debiancve
CVE-2017-9611
2017-07-26 19:29:00
CVE-2018-16511
2018-09-05 06:29:00
CVE-2018-16513
2018-09-05 13:29:00
cve
cve
CVE-2017-9611
2017-07-26 19:29:00
CVE-2018-15910
2018-08-27 17:29:00
CVE-2018-16513
2018-09-05 13:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:22:33
Remote Code Execution (RCE)
2019-05-16 03:38:03
Denial Of Service (DoS)
2019-05-16 03:56:21
alpinelinux
alpinelinux
CVE-2018-15910
2018-08-27 17:29:00
CVE-2018-16802
2018-09-10 16:29:00
ubuntucve
ubuntucve
CVE-2018-16513
2018-09-05 00:00:00
CVE-2018-15910
2018-08-27 00:00:00
CVE-2018-16542
2018-09-05 00:00:00
cvelist
cvelist
CVE-2018-16513
2018-09-05 13:00:00
CVE-2018-16540
2018-09-05 18:00:00
CVE-2018-16511
2018-09-05 06:00:00
gentoo
gentoo
GPL Ghostscript: Multiple vulnerabilities
2018-11-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Artifex Ghostscript Remote Code Execution (CVE-2018-16509)
2022-09-18 00:00:00
cert
cert
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities
2018-08-21 00:00:00
slackware
slackware
[slackware-security] ghostscript
2018-09-13 22:03:55

7 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:13614125623114201833301
nessus47openvas26ibm1oraclelinux3redhat3debian3amazon2centos3osv7mageia1redhatcve29suse2ubuntu1f52fedora3prion11debiancve11cve10veracode7alpinelinux2ubuntucve10cvelist11gentoo1checkpoint_advisories1cert1slackware1