Debian: Security Advisory (DSA-1021-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 792-1 (pstotext)
The remote host is missing an update to pstotext announced via advisory DSA 792-1. Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potentially malicious operations from happening. For the...
Debian Security Advisory DSA 1021-1 (netpbm-free)
The remote host is missing an update to netpbm-free announced via advisory DSA 1021-1. Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from PostScript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of...
Debian Security Advisory DSA 284-1 (kdegraphics)
The remote host is missing an update to kdegraphics announced via advisory DSA 284-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 296-1 (kdebase)
The remote host is missing an update to kdebase announced via advisory DSA 296-1. OpenVAS Vulnerability Test $Id: deb2961.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 296-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 284-1 (kdegraphics)
The remote host is missing an update to kdegraphics announced via advisory DSA 284-1. OpenVAS Vulnerability Test $Id: deb2841.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 284-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 296-1 (kdebase)
The remote host is missing an update to kdebase announced via advisory DSA 296-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 6.10 / 7.04 / 7.10 : ghostscript, gs-gpl vulnerability (USN-501-2)
USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause...
USN-501-2: Ghostscript vulnerability
USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. Original advisory details: It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a...
Moderate: pam security and bug fix update
cdrtools-2.01.0.a32-0.EL3.6 2.01.0.a32-0.EL3.6 - fix for CVE-2004-0813 - cdrecord and readcd are now suid, but with a pamconsole check - Resolves: rhbz232096 2.01.0.a32-0.EL3.3 - fix for CAN-2005-0866 "cdrecord insecure temporary file" 2.01.0.a32-0.EL3.2 - added patch for CAN-2004-0806, if s.o. w...
MDKA-2006:018 : ghostscript
A number of bugs have been corrected with this latest ghostscript package including a fix when rendering images when converting PostScript to PDF with ps2pdf, a crash when generating PDF files with the pdfwrite device, several segfaults, a fix for vertical Japanese text, and a number of other...
MDKA-2005:045 : ghostscript
New ghostscript packages are now available that provide ghostscript 8.15.1 final and provide a number of bug fixes, including: A fix for vertical Japanese text. A memory overflow in the 'lips4' driver was fixed. A double-free in gsdevice.c was fixed. A SEGV in the 'inferno' driver was fixed; this...
Debian DSA-1021-1 : netpbm-free - insecure program execution
Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from PostScript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted PostScript files...
CentOS 3 : ghostscript (CESA-2005:081)
Updated ghostscript packages that fix a PDF output issue and a temporary file security bug are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript...
FreeBSD : ghostscript -- insecure temporary file creation vulnerability (27a70a01-5f6c-11da-8d54-000cf18bbe54)
Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges...
[SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution
Debian Security Advisory DSA 1021-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 28th, 2006 http://www.debian.org/security/faq -...
DSA-1021-1 netpbm-free - insecure program execution
Bulletin has no description...
Ubuntu 4.10 / 5.04 : tiff vulnerability (USN-130-1)
Tavis Ormandy discovered a buffer overflow in the TIFF library. A malicious image with an invalid 'bits per sample' number could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library. Since this library is used ...
Ubuntu 4.10 : GhostScript utility script vulnerabilities (USN-3-1)
Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities 'pv.sh' and 'ps2epsi' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Note...
Ubuntu 4.10 : tiff vulnerability (USN-46-1)
A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of 'directory entry' header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would hav...