openSUSE Security Update : ImageMagick (openSUSE-2019-1320)
This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-7175: Fixed multiple memory leaks in...
UBUNTU-CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscrip...
CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscrip...
Security update for ImageMagick (moderate)
openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2019:1331-1 Rating: moderate References: 1122033 1130330 1131317 1132054 1132060 Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-9956 Affected Products: openSUSE Leap 15.0 An update that...
Arbitrary Code Execution
ghostscript is vulnerable to arbitrary code execution attacks. This vulnerability exists due to not validating the parameters of ghostscript function .initializedscparser before using it. Remote attackers could inject a specially crafted PostScript document that could cause a crash code execution ...
Information Disclosure
ghostscript is vulnerable to information disclosure. Remote attackers could bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted PostScript document and access sensitive information...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service (DoS) attacks. Remote attackers could execute arbitrary code via a crafted PostScript document that calls .sethalftone5 with an empty operand stack causing an application crash...
Fedora 30 : ghostscript (2019-d5d9cfd359)
Security fix for CVE-2019-3835 CVE-2019-3838 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 30 : ghostscript (2019-9f06aa44f6)
Security fix for CVE-2019-6116 - Fix for bug 1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1289)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: superexec operator is available 700585 CVE-2019-3835 - ghostscript: forceput in DefineResource is still accessible 700576...
EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1288)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: superexec operator is available 700585 CVE-2019-3835 - ghostscript: forceput in DefineResource is still accessible 700576...
EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1290)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: superexec operator is available 700585 CVE-2019-3835 - ghostscript: forceput in DefineResource is still accessible 700576...
SUSE-SU-2018:4090-2 Security update for ghostscript
This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c bsc1117327 - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c bsc1117313 - CVE-2018-19477:...
SUSE-SU-2018:2975-3 Security update for ghostscript
This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...
The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter, related to information disclosure, allows attackers to determine the presence and size of arbitrary files.
The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter is related to the state command, even when the dSAFER sandbox is used. Exploiting this vulnerability allows a remote attacker to determine the presence and size of arbitrary files...
Debian: Security Advisory (DLA-1761-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1761-1 : ghostscript security update
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. For Debian 8 'Jessie', these problems have been fixed in version 9.26adfsg-0+deb8u2. We recommend that you upgrade you...
[SECURITY] [DLA 1761-1] ghostscript security update
Package : ghostscript Version : 9.26adfsg-0+deb8u2 CVE ID : CVE-2019-3835 CVE-2019-3838 Debian Bug : 925256 925257 Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. For...
DLA-1761-1 ghostscript - security update
Bulletin has no description...
FreeBSD : Ghostscript -- Security bypass vulnerability (5ed7102e-6454-11e9-9a3a-001cc0382b2f)
Cedric Buissart Red Hat reports : It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by...