Lucene search
OracleLinuxELSA-2019-0971HistoryJul 30, 2019 - 12:00 a.m.
ghostscript security update
2019-07-3000:00:00
linux.oracle.com
13
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
[9.25-2.1]
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116 - Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
is available (700585) - Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576) - fix included for ghostscript: Regression: double comment chars
‘%’ in gs_init.ps leading to missing metadata - fix for pdf2dsc regression added to allow fix for CVE-2019-3839
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | ghostscript | < 9.25-2.el8_0.1 | ghostscript-9.25-2.el8_0.1.src.rpm |
| oracle linux | 8 | aarch64 | ghostscript | < 9.25-2.el8_0.1 | ghostscript-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | noarch | ghostscript-doc | < 9.25-2.el8_0.1 | ghostscript-doc-9.25-2.el8_0.1.noarch.rpm |
| oracle linux | 8 | aarch64 | ghostscript-tools-dvipdf | < 9.25-2.el8_0.1 | ghostscript-tools-dvipdf-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | aarch64 | ghostscript-tools-fonts | < 9.25-2.el8_0.1 | ghostscript-tools-fonts-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | aarch64 | ghostscript-tools-printing | < 9.25-2.el8_0.1 | ghostscript-tools-printing-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | aarch64 | ghostscript-x11 | < 9.25-2.el8_0.1 | ghostscript-x11-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | aarch64 | libgs | < 9.25-2.el8_0.1 | libgs-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | aarch64 | libgs-devel | < 9.25-2.el8_0.1 | libgs-devel-9.25-2.el8_0.1.aarch64.rpm |
| oracle linux | 8 | src | ghostscript | < 9.25-2.el8_0.1 | ghostscript-9.25-2.el8_0.1.src.rpm |
Related
nessus
nessus
Oracle Linux 8 : ghostscript (ELSA-2019-0971)
2019-08-12 00:00:00
CentOS 8 : ghostscript (CESA-2019:0971)
2021-01-29 00:00:00
redhat
redhat
(RHSA-2019:0971) Important: ghostscript security update
2019-05-07 03:38:38
(RHSA-2019:1017) Important: ghostscript security update
2019-05-07 15:56:03
(RHSA-2019:0633) Important: ghostscript security and bug fix update
2019-03-21 14:16:53
openvas
openvas
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1613)
2020-01-23 00:00:00
Fedora Update for ghostscript FEDORA-2019-1a2c059afd
2019-05-07 00:00:00
Slackware: Security Advisory (SSA:2019-092-01)
2022-04-21 00:00:00
slackware
slackware
[slackware-security] ghostscript
2019-04-02 21:14:35
archlinux
archlinux
[ASA-201904-5] ghostscript: sandbox escape
2019-04-11 00:00:00
[ASA-201901-18] ghostscript: sandbox escape
2019-01-29 00:00:00
mageia
mageia
Updated ghostscript packages fix security vulnerability
2019-04-05 21:12:59
Updated ghostscript packages fix security vulnerability
2019-06-10 22:17:03
Updated ghostscript packages fix a security vulnerability
2019-01-30 22:39:18
fedora
fedora
[SECURITY] Fedora 29 Update: ghostscript-9.26-4.fc29
2019-03-31 03:02:07
[SECURITY] Fedora 29 Update: ghostscript-9.26-5.fc29
2019-08-21 02:11:54
[SECURITY] Fedora 30 Update: ghostscript-9.26-4.fc30
2019-03-31 00:06:16
osv
osv
CVE-2019-3839
2019-05-16 19:29:05
ghostscript - security update
2019-04-23 00:00:00
ghostscript - security update
2019-04-16 00:00:00
prion
prion
Design/Logic Flaw
2019-05-16 19:29:00
Remote code execution
2019-03-21 16:01:00
Design/Logic Flaw
2019-03-25 19:29:00
centos
centos
ghostscript security update
2019-05-13 15:09:20
ghostscript security update
2019-03-25 17:33:17
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
Authorization Bypass
2019-05-16 03:39:14
Remote Code Execution (RCE)
2019-05-16 03:56:21
Access Restriction Bypass
2019-05-16 03:58:46
oraclelinux
oraclelinux
ghostscript security and bug fix update
2019-03-21 00:00:00
ghostscript security update
2019-05-07 00:00:00
cve
cve
ibm
ibm
Security Bulletin: Vulnerabiliies in ghostscript affect PowerKVM
2019-05-17 16:05:02
debian
debian
[SECURITY] [DSA 4432-1] ghostscript security update
2019-04-16 19:55:50
[SECURITY] [DLA 1761-1] ghostscript security update
2019-04-23 11:56:16
[SECURITY] [DSA 4432-1] ghostscript security update
2019-04-16 19:55:50
freebsd
freebsd
Ghostscript -- Security bypass vulnerability
2019-03-21 00:00:00
ubuntu
ubuntu
Ghostscript vulnerabilities
2019-03-21 00:00:00
Ghostscript vulnerability
2019-01-23 00:00:00
Ghostscript vulnerability
2019-05-08 00:00:00
redhatcve
redhatcve
gentoo
gentoo
GPL Ghostscript: Multiple vulnerabilities
2020-04-01 00:00:00
suse
suse
Security update for ghostscript (important)
2019-01-31 00:00:00
Security update for ghostscript (important)
2019-01-31 00:00:00
Security update for ghostscript (important)
2019-04-02 00:00:00
zdt
zdt
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit
2019-01-24 00:00:00
alpinelinux
alpinelinux
amazon
amazon
Important: ghostscript
2021-02-17 00:58:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for ELSA-2019-0971