Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.1140.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:1140-1)
Summary:The remote host is missing an update for the 'ghostscript-library' package(s) announced via the SUSE-SU-2018:1140-1 advisory.
Description:Summary:
The remote host is missing an update for the 'ghostscript-library' package(s) announced via the SUSE-SU-2018:1140-1 advisory.

Vulnerability Insight:
This update for ghostscript-library fixes several issues.
These security issues were fixed:
- CVE-2017-7207: The mem_get_bits_rectangle function allowed remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted PostScript document (bsc#1030263).
- CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer
overflow in jbig2_image_new function (bsc#1018128).
- CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote
attackers to cause a denial of service (use-after-free and application
crash)
or possibly have unspecified other impact via a crafted document
(bsc#1050891)
- CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) or possibly have unspecified other impact via a
crafted document (bsc#1050889)
- CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) or possibly have unspecified other
impact via a crafted document (bsc#1050888)
- CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) or possibly have unspecified other impact via a
crafted document (bsc#1050887)
- CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state
structure, which allowed remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PostScript document, related to an out-of-bounds read in the
igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184)
- CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers
to cause a denial of service (heap-based buffer overflow and application
crash) or possibly have unspecified other impact via a crafted
PostScript document (bsc#1050879)
- CVE-2016-10219: The intersect function in base/gxfill.c allowed remote
attackers to cause a denial of service (divide-by-zero error and
application crash) via a crafted file (bsc#1032138)
- CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c which allowed for DoS (bsc#1040643)

Affected Software/OS:
'ghostscript-library' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-9601
BugTraq ID: 97095
http://www.securityfocus.com/bid/97095
Debian Security Information: DSA-3817 (Google Search)
https://www.debian.org/security/2017/dsa-3817
https://security.gentoo.org/glsa/201706-24
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
Common Vulnerability Exposure (CVE) ID: CVE-2017-7207
BugTraq ID: 96995
http://www.securityfocus.com/bid/96995
Debian Security Information: DSA-3838 (Google Search)
http://www.debian.org/security/2017/dsa-3838
https://security.gentoo.org/glsa/201708-06
RedHat Security Advisories: RHSA-2017:2180
https://access.redhat.com/errata/RHSA-2017:2180
http://www.securitytracker.com/id/1039071
Common Vulnerability Exposure (CVE) ID: CVE-2017-9216
BugTraq ID: 98680
http://www.securityfocus.com/bid/98680
https://bugs.ghostscript.com/show_bug.cgi?id=697934
Common Vulnerability Exposure (CVE) ID: CVE-2017-9612
BugTraq ID: 99979
http://www.securityfocus.com/bid/99979
Debian Security Information: DSA-3986 (Google Search)
http://www.debian.org/security/2017/dsa-3986
https://security.gentoo.org/glsa/201811-12
Common Vulnerability Exposure (CVE) ID: CVE-2017-9726
BugTraq ID: 99992
http://www.securityfocus.com/bid/99992
Common Vulnerability Exposure (CVE) ID: CVE-2017-9727
BugTraq ID: 99999
http://www.securityfocus.com/bid/99999
Common Vulnerability Exposure (CVE) ID: CVE-2017-9739
BugTraq ID: 99987
http://www.securityfocus.com/bid/99987
Common Vulnerability Exposure (CVE) ID: CVE-2017-9835
BugTraq ID: 99991
http://www.securityfocus.com/bid/99991
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.