Executive Summary

Summary
Titleghostscript security update
Informations
NameDSA-4336First vendor Publication2018-11-10
VendorDebianLast vendor Modification2018-11-10
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.25 which includes additional non-security related changes.

For the stable distribution (stretch), these problems have been fixed in version 9.25~dfsg-0+deb9u1.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript

Original Source

Url : http://www.debian.org/security/2018/dsa-4336

CWE : Common Weakness Enumeration

%idName
50 %CWE-200Information Exposure
25 %CWE-284Access Control (Authorization) Issues
25 %CWE-254Security Features

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7
Os4
Os2

Nessus® Vulnerability Scanner

DateDescription
2018-11-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201811-12.nasl - Type : ACT_GATHER_INFO
2018-11-13Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4336.nasl - Type : ACT_GATHER_INFO
2018-10-23Name : The remote Debian host is missing a security update.
File : debian_DLA-1552.nasl - Type : ACT_GATHER_INFO
2018-10-11Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1088.nasl - Type : ACT_GATHER_INFO
2018-09-14Name : The remote Debian host is missing a security update.
File : debian_DLA-1504.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2018-12-06 17:21:07
  • Multiple Updates
2018-12-04 21:21:49
  • Multiple Updates
2018-11-10 17:18:22
  • First insertion