Vulnerabilities > CVE-2016-7978 - Use After Free vulnerability in Artifex Ghostscript 9.20

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
artifex
CWE-416
critical
nessus

Summary

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

Vulnerable Configurations

Part Description Count
Application
Artifex
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1237.NASL
    descriptionThis update for ghostscript fixes the following issues : - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5 (boo#1004237). - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix multiple -dsafer related CVE
    last seen2020-06-05
    modified2016-10-27
    plugin id94311
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94311
    titleopenSUSE Security Update : ghostscript (openSUSE-2016-1237)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1237.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94311);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
    
      script_name(english:"openSUSE Security Update : ghostscript (openSUSE-2016-1237)");
      script_summary(english:"Check for the openSUSE-2016-1237 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ghostscript fixes the following issues :
    
      - CVE-2016-8602: Fixes a NULL dereference in .sethalftone5
        (boo#1004237).
    
      - CVE-2013-5653, CVE-2016-7978, CVE-2016-7979: Fix
        multiple -dsafer related CVE's (boo#1001951)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004237"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ghostscript packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-debuginfo-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-debugsource-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-devel-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-mini-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-mini-debuginfo-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-mini-debugsource-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-mini-devel-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-x11-9.15-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"ghostscript-x11-debuginfo-9.15-6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript-mini / ghostscript-mini-debuginfo / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3148-1.NASL
    descriptionTavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in Ghostscript related to information disclosure. If a user or automated system were tricked into opening a specially crafted file, an attacker could expose sensitive data. (CVE-2013-5653, CVE-2016-7977). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95467
    published2016-12-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95467
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : ghostscript vulnerabilities (USN-3148-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3148-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95467);
      script_version("3.10");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7976", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
      script_xref(name:"USN", value:"3148-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : ghostscript vulnerabilities (USN-3148-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Tavis Ormandy discovered multiple vulnerabilities in the way that
    Ghostscript processes certain Postscript files. If a user or automated
    system were tricked into opening a specially crafted file, an attacker
    could cause a denial of service or possibly execute arbitrary code.
    (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602)
    
    Multiple vulnerabilities were discovered in Ghostscript related to
    information disclosure. If a user or automated system were tricked
    into opening a specially crafted file, an attacker could expose
    sensitive data. (CVE-2013-5653, CVE-2016-7977).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3148-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ghostscript-x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgs9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgs9-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"ghostscript", pkgver:"9.05~dfsg-0ubuntu4.4")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"ghostscript-x", pkgver:"9.05~dfsg-0ubuntu4.4")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libgs9", pkgver:"9.05~dfsg-0ubuntu4.4")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libgs9-common", pkgver:"9.05~dfsg-0ubuntu4.4")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"ghostscript", pkgver:"9.10~dfsg-0ubuntu10.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"ghostscript-x", pkgver:"9.10~dfsg-0ubuntu10.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgs9", pkgver:"9.10~dfsg-0ubuntu10.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgs9-common", pkgver:"9.10~dfsg-0ubuntu10.5")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"ghostscript", pkgver:"9.18~dfsg~0-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"ghostscript-x", pkgver:"9.18~dfsg~0-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libgs9", pkgver:"9.18~dfsg~0-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libgs9-common", pkgver:"9.18~dfsg~0-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"ghostscript", pkgver:"9.19~dfsg+1-0ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"ghostscript-x", pkgver:"9.19~dfsg+1-0ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libgs9", pkgver:"9.19~dfsg+1-0ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libgs9-common", pkgver:"9.19~dfsg+1-0ubuntu6.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-x / libgs9 / libgs9-common");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0013.NASL
    descriptionFrom Red Hat Security Advisory 2017:0013 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
    last seen2020-06-01
    modified2020-06-02
    plugin id96298
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96298
    titleOracle Linux 7 : ghostscript (ELSA-2017-0013)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:0013 and 
    # Oracle Linux Security Advisory ELSA-2017-0013 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96298);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
      script_xref(name:"RHSA", value:"2017:0013");
    
      script_name(english:"Oracle Linux 7 : ghostscript (ELSA-2017-0013)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2017:0013 :
    
    An update for ghostscript is now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Ghostscript suite contains utilities for rendering PostScript and
    PDF documents. Ghostscript translates PostScript code to common bitmap
    formats so that the code can be displayed or printed.
    
    Security Fix(es) :
    
    * It was found that the ghostscript functions getenv, filenameforall
    and .libfile did not honor the -dSAFER option, usually used when
    processing untrusted documents, leading to information disclosure. A
    specially crafted postscript document could read environment variable,
    list directory and retrieve file content respectively, from the
    target. (CVE-2013-5653, CVE-2016-7977)
    
    * It was found that the ghostscript function .setdevice suffered a
    use-after-free vulnerability due to an incorrect reference count. A
    specially crafted postscript document could trigger code execution in
    the context of the gs process. (CVE-2016-7978)
    
    * It was found that the ghostscript function .initialize_dsc_parser
    did not validate its parameter before using it, allowing a type
    confusion flaw. A specially crafted postscript document could cause a
    crash code execution in the context of the gs process. (CVE-2016-7979)
    
    * It was found that ghostscript did not sufficiently check the
    validity of parameters given to the .sethalftone5 function. A
    specially crafted postscript document could cause a crash, or execute
    arbitrary code in the context of the gs process. (CVE-2016-8602)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-January/006610.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ghostscript packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ghostscript-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ghostscript-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ghostscript-cups-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ghostscript-devel-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ghostscript-doc-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ghostscript-gtk-9.07-20.el7_3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-devel / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1050.NASL
    descriptionAccording to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) - It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) - It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) - It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99813
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99813
    titleEulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2016-1050)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99813);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2013-5653",
        "CVE-2016-7977",
        "CVE-2016-7978",
        "CVE-2016-7979",
        "CVE-2016-8602"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2016-1050)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ghostscript packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - It was found that the ghostscript functions getenv,
        filenameforall and .libfile did not honor the -dSAFER
        option, usually used when processing untrusted
        documents, leading to information disclosure. A
        specially crafted postscript document could read
        environment variable, list directory and retrieve file
        content respectively, from the target. (CVE-2013-5653,
        CVE-2016-7977)
    
      - It was found that the ghostscript function .setdevice
        suffered a use-after-free vulnerability due to an
        incorrect reference count. A specially crafted
        postscript document could trigger code execution in the
        context of the gs process. (CVE-2016-7978)
    
      - It was found that the ghostscript function
        .initialize_dsc_parser did not validate its parameter
        before using it, allowing a type confusion flaw. A
        specially crafted postscript document could cause a
        crash code execution in the context of the gs process.
        (CVE-2016-7979)
    
      - It was found that ghostscript did not sufficiently
        check the validity of parameters given to the
        .sethalftone5 function. A specially crafted postscript
        document could cause a crash, or execute arbitrary code
        in the context of the gs process. (CVE-2016-8602)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1050
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b88dca48");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ghostscript packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ghostscript-9.07-20.1.h1",
            "ghostscript-cups-9.07-20.1.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1207.NASL
    descriptionThis update for ghostscript-library fixes the following issues : - Multiple security vulnerabilities have been discovered where ghostscript
    last seen2020-06-05
    modified2016-10-24
    plugin id94217
    published2016-10-24
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94217
    titleopenSUSE Security Update : ghostscript-library (openSUSE-2016-1207)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1207.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94217);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7978", "CVE-2016-7979");
    
      script_name(english:"openSUSE Security Update : ghostscript-library (openSUSE-2016-1207)");
      script_summary(english:"Check for the openSUSE-2016-1207 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ghostscript-library fixes the following issues :
    
      - Multiple security vulnerabilities have been discovered
        where ghostscript's '-dsafer' flag did not provide
        sufficient protection against unintended access to the
        file system. Thus, a machine that would process a
        specially crafted Postscript file would potentially leak
        sensitive information to an attacker. (CVE-2013-5653,
        bsc#1001951)
    
      - An incorrect reference count was found in .setdevice.
        This issue lead to a use-after-free scenario, which
        could have been exploited for denial-of-service or,
        possibly, arbitrary code execution attacks.
        (CVE-2016-7978, bsc#1001951)
    
      - Insufficient validation of the type of input in
        .initialize_dsc_parser used to allow remote code
        execution. (CVE-2016-7979, bsc#1001951)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001951"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ghostscript-library packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-debuginfo-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-debugsource-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-devel-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-mini-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-mini-debuginfo-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-mini-debugsource-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-mini-devel-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-x11-9.15-8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ghostscript-x11-debuginfo-9.15-8.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript-mini / ghostscript-mini-debuginfo / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3691.NASL
    descriptionSeveral vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id94023
    published2016-10-13
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94023
    titleDebian DSA-3691-1 : ghostscript - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3691. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94023);
      script_version("2.9");
      script_cvs_date("Date: 2018/11/10 11:49:38");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7976", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
      script_xref(name:"DSA", value:"3691");
    
      script_name(english:"Debian DSA-3691-1 : ghostscript - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in Ghostscript, the GPL
    PostScript/PDF interpreter, which may lead to the execution of
    arbitrary code or information disclosure if a specially crafted
    Postscript file is processed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/ghostscript"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2016/dsa-3691"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the ghostscript packages.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 9.06~dfsg-2+deb8u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ghostscript");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"ghostscript", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"ghostscript-dbg", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"ghostscript-doc", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"ghostscript-x", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgs-dev", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgs9", reference:"9.06~dfsg-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libgs9-common", reference:"9.06~dfsg-2+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0013.NASL
    descriptionAn update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101399
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101399
    titleVirtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2017-0013)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101399);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/20 11:04:17");
    
      script_cve_id(
        "CVE-2013-5653",
        "CVE-2016-7977",
        "CVE-2016-7978",
        "CVE-2016-7979",
        "CVE-2016-8602"
      );
    
      script_name(english:"Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2017-0013)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "An update for ghostscript is now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Ghostscript suite contains utilities for rendering PostScript and
    PDF documents. Ghostscript translates PostScript code to common bitmap
    formats so that the code can be displayed or printed.
    
    Security Fix(es) :
    
    * It was found that the ghostscript functions getenv, filenameforall
    and .libfile did not honor the -dSAFER option, usually used when
    processing untrusted documents, leading to information disclosure. A
    specially crafted postscript document could read environment variable,
    list directory and retrieve file content respectively, from the
    target. (CVE-2013-5653, CVE-2016-7977)
    
    * It was found that the ghostscript function .setdevice suffered a
    use-after-free vulnerability due to an incorrect reference count. A
    specially crafted postscript document could trigger code execution in
    the context of the gs process. (CVE-2016-7978)
    
    * It was found that the ghostscript function .initialize_dsc_parser
    did not validate its parameter before using it, allowing a type
    confusion flaw. A specially crafted postscript document could cause a
    crash code execution in the context of the gs process. (CVE-2016-7979)
    
    * It was found that ghostscript did not sufficiently check the
    validity of parameters given to the .sethalftone5 function. A
    specially crafted postscript document could cause a crash, or execute
    arbitrary code in the context of the gs process. (CVE-2016-8602)
    
    Note that Tenable Network Security has attempted to extract the
    preceding description block directly from the corresponding Red Hat
    security advisory. Virtuozzo provides no description for VZLSA
    advisories. Tenable has attempted to automatically clean and format
    it as much as possible without introducing additional issues.");
      # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0013.json
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e544dc00");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-0013");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ghostscript / ghostscript-cups / ghostscript-devel / etc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:ghostscript-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:ghostscript-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["ghostscript-9.07-20.vl7.1",
            "ghostscript-cups-9.07-20.vl7.1",
            "ghostscript-devel-9.07-20.vl7.1",
            "ghostscript-doc-9.07-20.vl7.1",
            "ghostscript-gtk-9.07-20.vl7.1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-7", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-devel / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170104_GHOSTSCRIPT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) - It was found that the ghostscript function .setdevice suffered a use- after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) - It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) - It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
    last seen2020-03-18
    modified2017-01-05
    plugin id96302
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96302
    titleScientific Linux Security Update : ghostscript on SL7.x x86_64 (20170104)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96302);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
    
      script_name(english:"Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20170104)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - It was found that the ghostscript functions getenv,
        filenameforall and .libfile did not honor the -dSAFER
        option, usually used when processing untrusted
        documents, leading to information disclosure. A
        specially crafted postscript document could read
        environment variable, list directory and retrieve file
        content respectively, from the target. (CVE-2013-5653,
        CVE-2016-7977)
    
      - It was found that the ghostscript function .setdevice
        suffered a use- after-free vulnerability due to an
        incorrect reference count. A specially crafted
        postscript document could trigger code execution in the
        context of the gs process. (CVE-2016-7978)
    
      - It was found that the ghostscript function
        .initialize_dsc_parser did not validate its parameter
        before using it, allowing a type confusion flaw. A
        specially crafted postscript document could cause a
        crash code execution in the context of the gs process.
        (CVE-2016-7979)
    
      - It was found that ghostscript did not sufficiently check
        the validity of parameters given to the .sethalftone5
        function. A specially crafted postscript document could
        cause a crash, or execute arbitrary code in the context
        of the gs process. (CVE-2016-8602)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=409
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?472d4987"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ghostscript-gtk");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ghostscript-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ghostscript-cups-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ghostscript-debuginfo-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ghostscript-devel-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"SL7", reference:"ghostscript-doc-9.07-20.el7_3.1")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ghostscript-gtk-9.07-20.el7_3.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-debuginfo / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-1C13825502.NASL
    descriptionThis is a rebase of **ghostscript** package, to address several security issues : - [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor -dSAFER* - [CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi ?id=1380327) - *getenv and filenameforall ignore -dSAFER* - [CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi ?id=1382294) - *various userparams allow %pipe% in paths, allowing remote shell* - [CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi ?id=1382300) - *reference leak in .setdevice allows use-after-free and remote code* - [CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi ?id=1382305) - *Type confusion in .initialize_dsc_parser allows remote code execution* ----------- #### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS : **ghostscript** has been rebased to latest upstream version (9.20). Rebase notes : - **no API/ABI changes between versions 9.16 -> 9.20 according to upstream** - *OpenJPEG* support has been retained - *ijs-config* custom tool from upstream has been *removed* (by upstream) (*pkg-config* is used by default now instead, see [commit 0c176a9](http://git.ghostscript.com/?p=ghostpdl.git;h=0c 176a91d53c85cda)) - some patches were updated to
    last seen2020-06-05
    modified2016-10-19
    plugin id94119
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94119
    titleFedora 23 : ghostscript (2016-1c13825502)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-1c13825502.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94119);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7976", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979");
      script_xref(name:"FEDORA", value:"2016-1c13825502");
    
      script_name(english:"Fedora 23 : ghostscript (2016-1c13825502)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is a rebase of **ghostscript** package, to address several
    security issues :
    
      - [CVE-2016-7977
        ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) -
        *.libfile does not honor -dSAFER*
    
      -
        [CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi
        ?id=1380327) - *getenv and filenameforall ignore
        -dSAFER*
    
      -
        [CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi
        ?id=1382294) - *various userparams allow %pipe% in
        paths, allowing remote shell*
    
      -
        [CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi
        ?id=1382300) - *reference leak in .setdevice allows
        use-after-free and remote code*
    
      -
        [CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi
        ?id=1382305) - *Type confusion in .initialize_dsc_parser
        allows remote code execution*
    
    ----------- #### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS :
    
    **ghostscript** has been rebased to latest upstream version (9.20).
    Rebase notes :
    
      - **no API/ABI changes between versions 9.16 -> 9.20
        according to upstream**
    
      - *OpenJPEG* support has been retained
    
      - *ijs-config* custom tool from upstream has been
        *removed* (by upstream) (*pkg-config* is used by default
        now instead, see [commit
        0c176a9](http://git.ghostscript.com/?p=ghostpdl.git;h=0c
        176a91d53c85cda))
    
      - some patches were updated to 'git format-patch' format &
        renamed
    
      - rest of the patches were deleted (irrelevant for current
        version), mostly because upstream has fixed those issues
        in some way
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-1c13825502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1380327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1380415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1382294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1382300"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1382305"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ghostscript package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ghostscript");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"ghostscript-9.20-2.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201702-31.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201702-31 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript and the bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26 (OpenJPEG) referenced below for additional information. Note: GPL Ghostscript in Gentoo since app-text/ghostscript-gpl-9.20-r1 no longer bundles OpenJPEG. Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id97343
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97343
    titleGLSA-201702-31 : GPL Ghostscript: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201702-31.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97343);
      script_version("$Revision: 3.4 $");
      script_cvs_date("$Date: 2018/01/26 17:15:57 $");
    
      script_cve_id("CVE-2016-7976", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
      script_xref(name:"GLSA", value:"201702-31");
    
      script_name(english:"GLSA-201702-31 : GPL Ghostscript: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201702-31
    (GPL Ghostscript: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in GPL Ghostscript and the
          bundled OpenJPEG. Please review the CVE identifiers and GLSA-201612-26
          (OpenJPEG) referenced below for additional information.
        Note: GPL Ghostscript in Gentoo since app-text/ghostscript-gpl-9.20-r1
          no longer bundles OpenJPEG.
      
    Impact :
    
        A context-dependent attacker could entice a user to open a specially
          crafted PostScript file or PDF using GPL Ghostscript possibly resulting
          in the execution of arbitrary code with the privileges of the process or
          a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201612-26"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201702-31"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All GPL Ghostscript users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-text/ghostscript-gpl-9.20-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ghostscript-gpl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-text/ghostscript-gpl", unaffected:make_list("ge 9.20-r1"), vulnerable:make_list("lt 9.20-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GPL Ghostscript");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0013.NASL
    descriptionAn update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
    last seen2020-06-01
    modified2020-06-02
    plugin id96308
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96308
    titleRHEL 7 : ghostscript (RHSA-2017:0013)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0013. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96308);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2013-5653", "CVE-2016-7977", "CVE-2016-7978", "CVE-2016-7979", "CVE-2016-8602");
      script_xref(name:"RHSA", value:"2017:0013");
    
      script_name(english:"RHEL 7 : ghostscript (RHSA-2017:0013)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ghostscript is now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Ghostscript suite contains utilities for rendering PostScript and
    PDF documents. Ghostscript translates PostScript code to common bitmap
    formats so that the code can be displayed or printed.
    
    Security Fix(es) :
    
    * It was found that the ghostscript functions getenv, filenameforall
    and .libfile did not honor the -dSAFER option, usually used when
    processing untrusted documents, leading to information disclosure. A
    specially crafted postscript document could read environment variable,
    list directory and retrieve file content respectively, from the
    target. (CVE-2013-5653, CVE-2016-7977)
    
    * It was found that the ghostscript function .setdevice suffered a
    use-after-free vulnerability due to an incorrect reference count. A
    specially crafted postscript document could trigger code execution in
    the context of the gs process. (CVE-2016-7978)
    
    * It was found that the ghostscript function .initialize_dsc_parser
    did not validate its parameter before using it, allowing a type
    confusion flaw. A specially crafted postscript document could cause a
    crash code execution in the context of the gs process. (CVE-2016-7979)
    
    * It was found that ghostscript did not sufficiently check the
    validity of parameters given to the .sethalftone5 function. A
    specially crafted postscript document could cause a crash, or execute
    arbitrary code in the context of the gs process. (CVE-2016-8602)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7977"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-8602"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0013";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"ghostscript-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ghostscript-cups-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ghostscript-cups-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ghostscript-debuginfo-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ghostscript-devel-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ghostscript-doc-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ghostscript-gtk-9.07-20.el7_3.1")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ghostscript-gtk-9.07-20.el7_3.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-debuginfo / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-53E8AA35F6.NASL
    descriptionThis is a rebase of **ghostscript** package, to address several security issues : - [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor -dSAFER* - [CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi ?id=1380327) - *getenv and filenameforall ignore -dSAFER* - [CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi ?id=1382294) - *various userparams allow %pipe% in paths, allowing remote shell* - [CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi ?id=1382300) - *reference leak in .setdevice allows use-after-free and remote code* - [CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi ?id=1382305) - *Type confusion in .initialize_dsc_parser allows remote code execution* ----------- #### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS : **ghostscript** has been rebased to latest upstream version (9.20). Rebase notes : - **no API/ABI changes between versions 9.16 -> 9.20 according to upstream** - *OpenJPEG* support has been retained - *ijs-config* custom tool from upstream has been *removed* (by upstream) (*pkg-config* is used by default now instead, see [commit 0c176a9](http://git.ghostscript.com/?p=ghostpdl.git;h=0c 176a91d53c85cda)) - some patches were updated to
    last seen2020-06-05
    modified2016-10-19
    plugin id94121
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94121
    titleFedora 24 : ghostscript (2016-53e8aa35f6)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2492-1.NASL
    descriptionThis update for ghostscript-library fixes the following issues : - Multiple security vulnerabilities have been discovered where ghostscript
    last seen2020-06-01
    modified2020-06-02
    plugin id94006
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94006
    titleSUSE SLED12 / SLES12 Security Update : ghostscript-library (SUSE-SU-2016:2492-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0013.NASL
    descriptionAn update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)
    last seen2020-06-01
    modified2020-06-02
    plugin id96285
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96285
    titleCentOS 7 : ghostscript (CESA-2017:0013)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-2DF27A2224.NASL
    descriptionThis is a rebase of **ghostscript** package, to address several security issues : - [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) - *.libfile does not honor -dSAFER* - [CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi ?id=1380327) - *getenv and filenameforall ignore -dSAFER* - [CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi ?id=1382294) - *various userparams allow %pipe% in paths, allowing remote shell* - [CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi ?id=1382300) - *reference leak in .setdevice allows use-after-free and remote code* - [CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi ?id=1382305) - *Type confusion in .initialize_dsc_parser allows remote code execution* ----------- #### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS : **ghostscript** has been rebased to latest upstream version (9.20). Rebase notes : - **no API/ABI changes between versions 9.16 -> 9.20 according to upstream** - *OpenJPEG* support has been retained - *ijs-config* custom tool from upstream has been *removed* (by upstream) (*pkg-config* is used by default now instead, see [commit 0c176a9](http://git.ghostscript.com/?p=ghostpdl.git;h=0c 176a91d53c85cda)) - some patches were updated to
    last seen2020-06-05
    modified2016-11-15
    plugin id94786
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94786
    titleFedora 25 : ghostscript (2016-2df27a2224)

Redhat

advisories
rhsa
idRHSA-2017:0013
rpms
  • ghostscript-0:9.07-20.el7_3.1
  • ghostscript-cups-0:9.07-20.el7_3.1
  • ghostscript-debuginfo-0:9.07-20.el7_3.1
  • ghostscript-devel-0:9.07-20.el7_3.1
  • ghostscript-doc-0:9.07-20.el7_3.1
  • ghostscript-gtk-0:9.07-20.el7_3.1