Vulnerabilities > CVE-2018-19475

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
artifex
debian
canonical
redhat
nessus

Summary

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

Vulnerable Configurations

Part Description Count
Application
Artifex
250
Application
Redhat
1
OS
Debian
2
OS
Canonical
4
OS
Redhat
7

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0229.NASL
    descriptionAn update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a
    last seen2020-06-01
    modified2020-06-02
    plugin id122061
    published2019-02-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122061
    titleCentOS 7 : ghostscript (CESA-2019:0229)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:0229 and 
    # CentOS Errata and Security Advisory 2019:0229 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122061);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-16540", "CVE-2018-19475", "CVE-2018-19476", "CVE-2018-19477", "CVE-2019-6116");
      script_xref(name:"RHSA", value:"2019:0229");
    
      script_name(english:"CentOS 7 : ghostscript (CESA-2019:0229)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ghostscript is now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Ghostscript suite contains utilities for rendering PostScript and
    PDF documents. Ghostscript translates PostScript code to common bitmap
    formats so that the code can be displayed or printed.
    
    Security Fix(es) :
    
    * ghostscript: use-after-free in copydevice handling (699661)
    (CVE-2018-16540)
    
    * ghostscript: access bypass in psi/zdevice2.c (700153)
    (CVE-2018-19475)
    
    * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)
    
    * ghostscript: access bypass in psi/zfjbig2.c (700168)
    (CVE-2018-19477)
    
    * ghostscript: subroutines within pseudo-operators must themselves be
    pseudo-operators (700317) (CVE-2019-6116)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Tavis Ormandy (Google Project Zero) for
    reporting CVE-2019-6116.
    
    Bug Fix(es) :
    
    * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression
    during the standard input reading, causing a '/invalidfileaccess in
    --run--' error. With this update, the regression has been fixed and
    the described error no longer occurs. (BZ#1665919)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2019-February/023191.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?437d1158"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ghostscript packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16540");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-gtk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-9.07-31.el7_6.9")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-cups-9.07-31.el7_6.9")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-devel-9.07-31.el7_6.9")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-doc-9.07-31.el7_6.9")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-gtk-9.07-31.el7_6.9")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1552.NASL
    descriptionThis update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331) : - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-12-17
    plugin id119711
    published2018-12-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119711
    titleopenSUSE Security Update : ghostscript (openSUSE-2018-1552)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1065.NASL
    descriptionAccording to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-08
    plugin id122688
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122688
    titleEulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1065)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4087-1.NASL
    descriptionThis update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): Security issues have been the primary focus Minor bug fixes and improvements For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id120186
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120186
    titleSUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2018:4087-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1092.NASL
    descriptionAccording to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-26
    plugin id123105
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123105
    titleEulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1092)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4090-1.NASL
    descriptionThis update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): Security issues have been the primary focus Minor bug fixes and improvements For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119651
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119651
    titleSUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:4090-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1110.NASL
    descriptionAccording to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123584
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123584
    titleEulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1110)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0054_GHOSTSCRIPT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. (CVE-2018-16540) - psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. (CVE-2018-19475) - psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. (CVE-2018-19476) - psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. (CVE-2018-19477) - It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints. (CVE-2019-6116) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127241
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127241
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054)
  • NASL familyWindows
    NASL idGHOSTSCRIPT_9_26.NASL
    descriptionThe version of Artifex Ghostscript installed on the remote Windows host is prior to 9.26. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id119240
    published2018-11-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119240
    titleArtifex Ghostscript < 9.26 PostScript Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1556.NASL
    descriptionThis update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331) : - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-12-17
    plugin id119713
    published2018-12-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119713
    titleopenSUSE Security Update : ghostscript (openSUSE-2018-1556)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0229.NASL
    descriptionFrom Red Hat Security Advisory 2019:0229 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a
    last seen2020-06-01
    modified2020-06-02
    plugin id121523
    published2019-02-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121523
    titleOracle Linux 7 : ghostscript (ELSA-2019-0229)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0229.NASL
    descriptionAn update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a
    last seen2020-06-01
    modified2020-06-02
    plugin id121527
    published2019-02-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121527
    titleRHEL 7 : ghostscript (RHSA-2019:0229)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190131_GHOSTSCRIPT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Bug Fix(es) : - Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a
    last seen2020-03-18
    modified2019-02-01
    plugin id121532
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121532
    titleScientific Linux Security Update : ghostscript on SL7.x x86_64 (20190131)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-82ACB29C1B.NASL
    description - rebase to latest upstream version 9.26 - Security fix for CVE-2018-19478 CVE-2018-19134 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19409 CVE-2018-18284 CVE-2018-18073 CVE-2018-17961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122284
    published2019-02-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122284
    titleFedora 28 : ghostscript (2019-82acb29c1b)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-077A3F23C0.NASL
    description - rebase to latest upstream version 9.26 - Security fix for CVE-2018-19478 CVE-2018-19134 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19409 CVE-2018-18284 CVE-2018-18073 CVE-2018-17961 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122103
    published2019-02-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122103
    titleFedora 29 : ghostscript (2019-077a3f23c0)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3831-1.NASL
    descriptionIt was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119301
    published2018-11-30
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119301
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : ghostscript vulnerabilities (USN-3831-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1598.NASL
    descriptionSeveral security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id119267
    published2018-11-29
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119267
    titleDebian DLA-1598-1 : ghostscript security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4346.NASL
    descriptionSeveral vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). This update rebases ghostscript for stretch to the upstream version 9.26 which includes additional changes.
    last seen2020-06-01
    modified2020-06-02
    plugin id119269
    published2018-11-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119269
    titleDebian DSA-4346-1 : ghostscript - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1254.NASL
    descriptionAccording to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.i1/4^CVE-2018-19475i1/4%0 - psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.i1/4^CVE-2018-19476i1/4%0 - psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.i1/4^CVE-2018-19477i1/4%0 - It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints.i1/4^CVE-2019-6116i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123722
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123722
    titleEulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1254)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1007.NASL
    descriptionThis update for ghostscript to version 9.26 fixes the following issues : Security issues fixed : - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331) : - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123151
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123151
    titleopenSUSE Security Update : ghostscript (openSUSE-2019-1007)

Redhat

advisories
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2019:0229
rpms
  • ghostscript-0:9.07-31.el7_6.9
  • ghostscript-cups-0:9.07-31.el7_6.9
  • ghostscript-debuginfo-0:9.07-31.el7_6.9
  • ghostscript-devel-0:9.07-31.el7_6.9
  • ghostscript-doc-0:9.07-31.el7_6.9
  • ghostscript-gtk-0:9.07-31.el7_6.9