OPENSUSE-SU-2019:2223-1 Security update for ghostscript

This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. bsc1129180 - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators...

MGASA-2019-0271 Updated ghostscript packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator. CVE-2019-14811 Safer Mode Bypass by .forceput Exposure in setuserparams. CVE-2019-14812 Safer Mode Bypass by .forceput Exposure in setsystemparams. CVE-2019-14813 Safer Mode Bypass by...

SUSE-SU-2019:2348-1 Security update for ghostscript

This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file bsc1144621...

MGASA-2019-0188 Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

MGASA-2019-0130 Updated ghostscript packages fix security vulnerability

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...

SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2018:2976-1)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...

SUSE-SU-2018:4087-1 Security update for ghostscript

This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c bsc1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c bsc1117313 - CVE-2018-19477:...

SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-1)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...

MGASA-2018-0378 Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...

SUSE-SU-2018:1884-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2018-10194: The settextdistance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted P...

SUSE-SU-2018:0407-1 Security update for ghostscript

This update for ghostscript fixes several issues. These security issues were fixed: - CVE-2017-9835: The gsallocrefarray function allowed remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScri...

MGASA-2017-0355 Updated ghostscript packages fix security vulnerabilities

The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document. CVE-2017-9611 The InsIP function in base/ttinterp.c...

CentOS Update for ghostscript CESA-2017:1230 centos6

Check the version of ghostscript SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882716";...

SUSE-SU-2017:1138-1 Security update for ghostscript

This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. bsc1036453 CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to...

SUSE-SU-2016:2493-1 Security update for ghostscript-library

This update for ghostscript-library fixes the following issues: - Multiple security vulnerabilities have been discovered where ghostscript's '-dsafer' flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted...

MGASA-2015-0308 Updated ghostscript package fixes security vulnerability

GhostScript is vulnerable to an integer overflow when processing a crafted PostScript file using the ps2pdf command CVE-2015-3228...

Ghostscript: Insecure temporary file use in multiple scripts

Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...

Important: Red Hat Security Advisory: ghostscript security update

A ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript...

Important: Red Hat Security Advisory: ghostscript security update

Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...

CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...