5485 matches found
ghostscript: access bypass in psi/zfjbig2.c (700168)
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion...
ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317)
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...
Important: Red Hat Security Advisory: ghostscript security and bug fix update
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
ghostscript security and bug fix update
9.07-31.el76.9 - Related: 1667442 - CVE-2019-6116 - added missing parts of patch 9.07-31.el76.8 - Resolves: 1667442 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators 9.07-31.el76.7 - Resolves: 1665919 pdf2ps reports an error when reading from std...
Security update for ghostscript (important)
openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:0103-1 Rating: important References: 1122319 Cross-References: CVE-2019-6116 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for...
Security update for ghostscript (important)
openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:0104-1 Rating: important References: 1122319 Cross-References: CVE-2019-6116 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
Updated ghostscript packages fix a security vulnerability
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...
MGASA-2019-0056 Updated ghostscript packages fix a security vulnerability
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...
[ASA-201901-18] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201901-18 ========================================== Severity: High Date : 2019-01-29 CVE-ID : CVE-2019-6116 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-860 Summary ======= The package ghostscript before versi...
Debian DSA-4372-1 : ghostscript - security update
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER sandbox being enabled. C Tenable Network Security, Inc. The...
[SECURITY] [DSA 4372-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4372-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...
DSA-4372-1 ghostscript - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4372-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...
SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:0144-1)
This update for ghostscript to version 9.26a fixes the following issues : Security issue fixed : CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319 Note that Tenable Network Security has extracted the preceding description block directly from the SUS...
Artifex Software Ghostscript Sandbox Bypass Vulnerability
Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...
Ubuntu: Security Advisory (USN-3866-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerability (USN-3866-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-1 advisory. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...