Debian LTS Advisory ([SECURITY] [DLA 1527-1] ghostscript security update)

Published: 2018-09-30 22:00:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Affected Versions:
ghostscript on Debian Linux

Recommendations:
For Debian 8 'Jessie', these problems have been fixed in version 9.06~dfsg-2+deb8u9. We recommend that you upgrade your ghostscript packages.

Summary:
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled). In addition, this update changes the device to txtwrite for the ps2ascii tool to prevent an error due to the fix for CVE-2018-17183.

Detection Method:
This check tests the installed software version using the apt Linux Distribution Package manager.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2018-16543
https://nvd.nist.gov/vuln/detail/CVE-2018-17183

References:

https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html

Severity:
Medium

CVSS Score:
6.8