PT-2019-3236 · Artifex +5 · Ghostscript +5

Name of the Vulnerable Software and Affected Versions: Ghostscript versions 9.x before 9.50 Description: A flaw in the .setuserparams2 procedure of Ghostscript allows scripts to bypass -dSAFER restrictions by not properly securing its privileged calls. This enables a specially crafted PostScript...

Ghostscript -- Security bypass vulnerabilities

Cedric Buissart Red Hat reports: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protecti...

ghostscript security update

9.25-2.1 - Resolves: 1737338 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 701394...

Debian DLA-1880-1 : ghostscript security update

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. For Debian 8 'Jessie', this problem has been fixed in version...

Debian: Security Advisory (DLA-1880-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1880-1] ghostscript security update

Package : ghostscript Version : 9.26adfsg-0+deb8u4 CVE ID : CVE-2019-10216 Debian Bug : 934638 Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions ...

Privilege Escalation

ghostscript is vulnerable to privilege escalation. The vulnerability exists due to improperly secured privileged calls of .buildfont1. An attacker could access the files outside the restricted areas by creating a specially crafted PostScript file that could escalate privileges...

CVE-2019-10216: ghostscript sandbox bypasses command execution vulnerability alerts-a vulnerability alert-the black bar safety net

2019 Year 8 months 2 days late, Artifex official in ghostscriptf the master branch on the commit merge Bug 701394 repair. Designed to fix CVE-2019-10216 vulnerability. The vulnerability can be directly, bypassing the ghostscript security sandbox, the attacker can read any file or command executio...

ghostscript security update

9.25-2.2 - Resolves: 1737336 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 701394...

Artifex Software Ghostscript Sandbox Bypass Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

DLA-1880-1 ghostscript - security update

Bulletin has no description...

RHEL 8 : ghostscript (RHSA-2019:2465)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2465 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

Debian: Security Advisory (DSA-4499-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : ghostscript (RHSA-2019:2462)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2462 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

Ubuntu: Security Advisory (USN-4092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4499-1 : ghostscript - security update

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. C Tenable Network Security, Inc. The descriptive text and package checks...

Ubuntu 16.04 LTS / 18.04 LTS : Ghostscript vulnerability (USN-4092-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4092-1 advisory. Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. ...

ghostscript security, bug fix, and enhancement update

9.25-2 - obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel 9.25-1 - Rebase to latest upstream version bug 1636115 - Resolves: 1673399 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: 1678172 - CVE-2019-3835 ghostscript: superexec...

[SECURITY] [DSA 4499-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4499-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4499-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4499-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2019 https://www.debian.org/security/faq -...