ALT-PU-2019-1144-1
Package ghostscript updated to version 9.26-alt2 for branch sisyphus in task 220106.
Closed vulnerabilities
Published: 2019-01-23
BDU:2019-00687
Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с ошибками в коде, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (7.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2019-03-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
- http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- [oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators
- [oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators
- [oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838
- [oss-security] 20190321 ghostscript: 2 -dSAFER bypass: CVE-2019-3835 & CVE-2019-3838
- 106700
- 106700
- RHBA-2019:0327
- RHBA-2019:0327
- RHSA-2019:0229
- RHSA-2019:0229
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
- https://bugs.ghostscript.com/show_bug.cgi?id=700317
- https://bugs.ghostscript.com/show_bug.cgi?id=700317
- [debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update
- [debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update
- FEDORA-2019-ebd6c4f15a
- FEDORA-2019-ebd6c4f15a
- FEDORA-2019-15d57af79a
- FEDORA-2019-15d57af79a
- FEDORA-2019-7b9bb0e426
- FEDORA-2019-7b9bb0e426
- FEDORA-2019-9f06aa44f6
- FEDORA-2019-9f06aa44f6
- FEDORA-2019-953fc0f16d
- FEDORA-2019-953fc0f16d
- 20190402 [slackware-security] ghostscript (SSA:2019-092-01)
- 20190402 [slackware-security] ghostscript (SSA:2019-092-01)
- GLSA-202004-03
- GLSA-202004-03
- USN-3866-1
- USN-3866-1
- DSA-4372
- DSA-4372
- 46242
- 46242