Lucene search
OracleLinuxELSA-2018-3834HistoryDec 18, 2018 - 12:00 a.m.
ghostscript security and bug fix update
2018-12-1800:00:00
linux.oracle.com
68
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.1%
[9.07-31.el7_6.6]
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run–)
[9.07-31.el7_6.5] - Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664) - Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
exception table - Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays - Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183) - Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass - Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
[9.07-31.el7_6.4] - Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665) - Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect ‘restoration of
privilege’ checking when running out of stack during exception handling - Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.src.rpm |
| oracle linux | 7 | aarch64 | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.aarch64.rpm |
| oracle linux | 7 | aarch64 | ghostscript-cups | < 9.07-31.el7_6.6 | ghostscript-cups-9.07-31.el7_6.6.aarch64.rpm |
| oracle linux | 7 | aarch64 | ghostscript-devel | < 9.07-31.el7_6.6 | ghostscript-devel-9.07-31.el7_6.6.aarch64.rpm |
| oracle linux | 7 | noarch | ghostscript-doc | < 9.07-31.el7_6.6 | ghostscript-doc-9.07-31.el7_6.6.noarch.rpm |
| oracle linux | 7 | aarch64 | ghostscript-gtk | < 9.07-31.el7_6.6 | ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm |
| oracle linux | 7 | src | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.src.rpm |
| oracle linux | 7 | i686 | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.i686.rpm |
| oracle linux | 7 | x86_64 | ghostscript | < 9.07-31.el7_6.6 | ghostscript-9.07-31.el7_6.6.x86_64.rpm |
| oracle linux | 7 | x86_64 | ghostscript-cups | < 9.07-31.el7_6.6 | ghostscript-cups-9.07-31.el7_6.6.x86_64.rpm |
Related
nessus
nessus
Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20181217)
2018-12-27 00:00:00
RHEL 7 : ghostscript (RHSA-2018:3834)
2018-12-18 00:00:00
centos
centos
ghostscript security update
2018-12-19 03:22:11
redhat
redhat
(RHSA-2018:3834) Important: ghostscript security and bug fix update
2018-12-17 18:48:48
openvas
openvas
CentOS Update for ghostscript CESA-2018:3834 centos7
2018-12-19 00:00:00
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1384)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1004)
2020-01-23 00:00:00
debian
debian
[SECURITY] [DLA 1552-1] ghostscript security update
2018-10-22 12:22:38
[SECURITY] [DSA 4336-1] ghostscript security update
2018-11-10 15:45:21
[SECURITY] [DSA 4336-1] ghostscript security update
2018-11-10 15:45:21
archlinux
archlinux
[ASA-201811-3] ghostscript: sandbox escape
2018-11-06 00:00:00
ubuntu
ubuntu
Ghostscript vulnerabilities
2018-10-30 00:00:00
Ghostscript vulnerabilities
2018-10-01 00:00:00
Ghostscript vulnerabilities
2018-09-19 00:00:00
mageia
mageia
Updated ghostscript packages fix security vulnerabilities
2018-10-19 21:36:37
Updated ghostscript packages fix security vulnerabilities
2018-09-21 02:17:55
osv
osv
ghostscript - security update
2018-10-22 00:00:00
ghostscript - security update
2018-11-10 00:00:00
CVE-2018-17961
2018-10-15 16:29:02
fedora
fedora
[SECURITY] Fedora 28 Update: ghostscript-9.26-1.fc28
2019-02-18 01:27:21
[SECURITY] Fedora 29 Update: ghostscript-9.26-1.fc29
2019-02-12 02:58:39
[SECURITY] Fedora 29 Update: ghostscript-9.24-3.fc29
2018-09-21 05:46:15
suse
suse
Security update for ghostscript (important)
2018-12-15 12:10:58
Security update for ghostscript (important)
2018-12-15 12:14:29
Security update for ghostscript (important)
2018-10-05 21:10:24
prion
prion
debiancve
debiancve
alpinelinux
alpinelinux
cve
cve
ubuntucve
ubuntucve
oraclelinux
oraclelinux
ghostscript security, bug fix, and enhancement update
2019-08-13 00:00:00
redhatcve
redhatcve
f5
f5
amazon
amazon
Important: ghostscript
2021-02-17 00:58:00
Important: ghostscript
2018-10-08 22:17:00
zdt
zdt
ghostscript - executeonly Bypass with errorhandler Setup Exploit
2018-10-10 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-16 03:23:47
Denial Of Service (DoS)
2019-05-16 03:23:47
Arbitrary Code Execution
2019-05-16 03:23:47
gentoo
gentoo
GPL Ghostscript: Multiple vulnerabilities
2018-11-24 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.1%
Related for ELSA-2018-3834