ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317)

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...

ghostscript: access bypass in psi/zdevice2.c (700153)

No description is available for this CVE...

ghostscript: use-after-free in copydevice handling (699661)

It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...

Security update for ghostscript (important)

openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:0104-1 Rating: important References: 1122319 Cross-References: CVE-2019-6116 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

Security update for ghostscript (important)

openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:0103-1 Rating: important References: 1122319 Cross-References: CVE-2019-6116 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for...

ghostscript security and bug fix update

9.07-31.el76.9 - Related: 1667442 - CVE-2019-6116 - added missing parts of patch 9.07-31.el76.8 - Resolves: 1667442 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators 9.07-31.el76.7 - Resolves: 1665919 pdf2ps reports an error when reading from std...

MGASA-2019-0056 Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

[ASA-201901-18] ghostscript: sandbox escape

Arch Linux Security Advisory ASA-201901-18 ========================================== Severity: High Date : 2019-01-29 CVE-ID : CVE-2019-6116 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-860 Summary ======= The package ghostscript before versi...

Debian DSA-4372-1 : ghostscript - security update

Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER sandbox being enabled. C Tenable Network Security, Inc. The...

[SECURITY] [DSA 4372-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4372-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq -...

DSA-4372-1 ghostscript - security update

Bulletin has no description...

Debian: Security Advisory (DSA-4372-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:0144-1)

This update for ghostscript to version 9.26a fixes the following issues : Security issue fixed : CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319 Note that Tenable Network Security has extracted the preceding description block directly from the SUS...

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerability (USN-3866-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-1 advisory. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just...

Artifex Software Ghostscript Sandbox Bypass Vulnerability

Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

Ubuntu: Security Advisory (USN-3866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...