Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in Artifex Ghostscript. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-16539 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to obtain sensitive information, caused by improper access checking in te...

The vulnerability in the code of “psi/zdevice2.c” of the software for processing, transforming, and generating Ghostscript documents, related to setcolorspace errors, allows an intruder to circumvent the established access control measures.

The vulnerability in the code of “psi/zdevice2.c” of the software suite for processing, transforming, and generating Ghostscript documents is related to setcolorspace type errors. Exploiting this vulnerability can allow an attacker to bypass established access controls...

The vulnerability in the code of “psi/zdevice2.c” of the software suite for processing, transforming, and generating Ghostscript documents, related to JBIG2Decode errors, allows an intruder to circumvent the established access control measures.

The vulnerability in the code of “psi/zdevice2.c” of the software suite for processing, transforming, and generating Ghostscript documents is related to errors of the JBIG2Decode type. Exploiting this vulnerability can allow an attacker to bypass established access controls...

The vulnerability in the code of “psi/zdevice2.c” of the software for processing, transforming, and generating Ghostscript documents is related to the lack of checking available memory on the stack. This allows an attacker to bypass the established access controls.

The vulnerability in the code of “psi/zdevice2.c” of the software for processing, transforming, and generating Ghostscript documents is related to the lack of checking available memory on the stack when the output device remains unchanged. Exploiting this vulnerability can allow an attacker to...

The vulnerability of the 1Policy procedure (the “forceput” version of the procedure) for software that processes, transforms, and generates Ghostscript documents involves a possibility to bypass the environment for secure execution. This allows a perpetrator to execute arbitrary code.

The vulnerability of the 1Policy procedure the “forceput” version of the procedure in the software for processing, transforming, and generating Ghostscript documents is related to the possibility of circumventing the environment for secure execution, even when the -dSAFER option is used. Exploiti...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript regression (USN-3866-3)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-3 advisory. USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being...

Ubuntu: Security Advisory (USN-3866-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3866-3: Ghostscript regression

USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain...

USN-3866-3 ghostscript regression

USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript regression (USN-3866-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-2 advisory. USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. Thi...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1049)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling CVE-2018-16802 - ghostscript...

Ubuntu: Security Advisory (USN-3866-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3866-2: Ghostscript regression

USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or...

USN-3866-2 ghostscript regression

USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or...

Fedora 28 : ghostscript (2019-82acb29c1b)

rebase to latest upstream version 9.26 - Security fix for CVE-2018-19478 CVE-2018-19134 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19409 CVE-2018-18284 CVE-2018-18073 CVE-2018-17961 Note that Tenable Network Security has extracted the preceding description block directly from the...

The vulnerability of the software for processing, transforming, and generating Ghostscript documents, related to errors in the code, allows a perpetrator to execute arbitrary code or cause service failures.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or trigger a service failure using a specially crafted PostScript file...

[SECURITY] Fedora 28 Update: ghostscript-9.26-1.fc28

This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript PS and Portable Document Format PDF page description...

Fedora Update for ghostscript FEDORA-2019-82acb29c1b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1022)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling CVE-2018-16802 - ghostscript...

EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1023)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: gssetresolution and gsgetresolution memory corruptionCVE-2018-16543 - ghostscript: use-after-free in copydevice...