 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.881492 |
| Kategorie: | CentOS Local Security Checks |
| Titel: | CentOS Update for ghostscript CESA-2012:1256 centos6 |
| Zusammenfassung: | The remote host is missing an update for the 'ghostscript'; package(s) announced via the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the referenced advisory. Vulnerability Insight: Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schönefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: ghostscript on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-4405 1027517 http://www.securitytracker.com/id?1027517 50719 http://secunia.com/advisories/50719 55494 http://www.securityfocus.com/bid/55494 GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml MDVSA-2012:151 http://www.mandriva.com/security/advisories?name=MDVSA-2012:151 MDVSA-2013:089 http://www.mandriva.com/security/advisories?name=MDVSA-2013:089 MDVSA-2013:090 http://www.mandriva.com/security/advisories?name=MDVSA-2013:090 RHSA-2012:1256 http://rhn.redhat.com/errata/RHSA-2012-1256.html SUSE-SU-2012:1222 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html USN-1581-1 http://www.ubuntu.com/usn/USN-1581-1 [oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write http://www.openwall.com/lists/oss-security/2012/09/11/2 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301 icclib-pdf-bo(78411) https://exchange.xforce.ibmcloud.com/vulnerabilities/78411 openSUSE-SU-2012:1289 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html openSUSE-SU-2012:1290 http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |