MiracleLinux 4 : ghostscript-8.70-23.AXS4.2 (AXSA:2017-1651:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1651:03 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics...

MiracleLinux 7 : ghostscript-9.07-20.el7.5 (AXSA:2017-1650:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1650:03 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics...

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima,...

SUSE: Security Advisory (SUSE-SU-2017:1322-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:1153-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:1138-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:1404-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2017-1100)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2017-1101)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0097)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted...

OracleVM 3.3 / 3.4 : ghostscript (OVMSA-2018-0285)

The remote OracleVM system is missing necessary patches to address critical security updates : - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch - Resolves: 1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass...

ghostscript security update

8.70-24.el610.2 - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch 8.70-24.el610.1 - Resolves: 1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore 8.70-24 - Added security fix for CVE-2017-82...

Security Bulletin: A vulnerability in ghostscript affects PowerKVM

Summary PowerKVM is affected by a vulnerability in ghostscript. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-8291 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to execute arbitrary commands on the system. By using .rsdparams type confusion with ...

Basecamp: Remote code execution on Basecamp.com

A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...

Oracle Linux 7 : ghostscript (ELSA-2017-2180)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2180 advisory. - Security fix for CVE-2017-8291 updated to address SIGSEGV - Added security fix for CVE-2017-8291 bug 1446063 - Added security fix for CVE-2017-7207 bug 143435...

ghostscript security and bug fix update

9.07-28 - Security fix for CVE-2017-8291 updated to address SIGSEGV 9.07-27 - Added security fix for CVE-2017-8291 bug 1446063 9.07-26 - Updated requirements for lcms2 to avoid possible issues in the future 9.07-25 - Added security fix for CVE-2017-7207 bug 1434353 - Added explicit requirement fo...

Fedora 26 : ghostscript (2017-a606d224a5)

Security fixes release for these CVEs : - CVE-2016-10217 use-after-free and application crash - CVE-2016-10218 NULL pointer dereference and application crash - CVE-2016-10219 divide-by-zero error and application crash - CVE-2016-10220 NULL pointer dereference and application crash - CVE-2017-5951...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1101)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a...

EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1100)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a...

Amazon Linux AMI : ghostscript (ALAS-2017-837)

It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. CVE-2017-8291 C...