Executive Summary
Summary | |
---|---|
Title | ghostscript security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2281 | First vendor Publication | 2019-08-06 |
Vendor | RedHat | Last vendor Modification | 2019-08-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. The following packages have been upgraded to a later upstream version: ghostscript (9.25). (BZ#1636115) Security Fix(es): * ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files (CVE-2018-11645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1585914 - CVE-2018-11645 ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files 1653706 - ps2pdf fails after fontconfig upgrade in RHEL 7.6 1654045 - ghostscript update breaks xdvi (gs: Error: /undefined in flushpage) 1657694 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object (Error: /rangecheck in --run--) 1661210 - ghostscript: Regression: pdf2ps reports an error when reading from stdin (Error: /invalidfileaccess in --run--) 1669611 - ghostscript: Regression: SEGV in names_ref on converting faulty PS to PDF |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2281.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4336.nasl - Type : ACT_GATHER_INFO |
2018-10-11 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1088.nasl - Type : ACT_GATHER_INFO |
2018-09-14 | Name : The remote Debian host is missing a security update. File : debian_DLA-1504.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:56 |
|