openSUSE Security Update : ghostscript (openSUSE-2019-505)

This update for ghostscript fixes the following issues : - CVE-2018-10194: The settextdistance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted...

openSUSE Security Update : ghostscript (openSUSE-2019-1007)

This update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c bsc1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c bsc1117313 - CVE-2018-19477...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1092)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c 700153 CVE-2018-19475 - ghostscript: access bypass in psi/zicc.c 700169 CVE-2018-19476 -...

CentOS 7 : ghostscript (CESA-2019:0633)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ALPINE-CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

DEBIAN-CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

ALPINE-CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

DEBIAN-CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

Design/Logic Flaw

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

Design/Logic Flaw

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3835

CVE-2019-3835 affects Ghostscript prior to 9.27. A specially crafted PostScript file could cause a sandbox escape by abusing the internal superexec operator, allowing access to the filesystem outside -dSAFER. The issue was part of sandbox bypasses tied to various operators and has been fixed upst...

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

Ghostscript prior to 9.27 is vulnerable to sandbox escape via crafted PostScript (CVE-2019-3835, CVE-2019-3838). The flaws enable access to the filesystem outside -dSAFER by exploiting the superexec/forceput paths in the internal dictionary. Upstream fixes are in 9.27; Arch Linux advisory recomme...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

ghostscript security update

CentOS Errata and Security Advisory CESA-2019:0633 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190321)

Security Fixes : - ghostscript: superexec operator is available 700585 CVE-2019-3835 - ghostscript: forceput in DefineResource is still accessible 700576 CVE-2019-3838 Bug Fixes : - ghostscript: Regression: double comment chars '%%' in gsinit.ps leading to missing metadata C Tenable Network...

RHEL 7 : ghostscript (RHSA-2019:0633)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0633 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...