Vulnerabilities > CVE-2019-6116
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Vulnerable Configurations
Exploit-Db
| file | exploits/linux/remote/46242.txt |
| id | EDB-ID:46242 |
| last seen | 2019-01-24 |
| modified | 2019-01-24 |
| platform | linux |
| port | |
| published | 2019-01-24 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/46242 |
| title | Ghostscript 9.26 - Pseudo-Operator Remote Code Execution |
| type | remote |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-9F06AA44F6.NASL description - Security fix for CVE-2019-6116 - Fix for bug #1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124523 published 2019-05-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124523 title Fedora 30 : ghostscript (2019-9f06aa44f6) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-9f06aa44f6. # include("compat.inc"); if (description) { script_id(124523); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:11"); script_cve_id("CVE-2019-6116"); script_xref(name:"FEDORA", value:"2019-9f06aa44f6"); script_name(english:"Fedora 30 : ghostscript (2019-9f06aa44f6)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Security fix for CVE-2019-6116 - Fix for bug #1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f06aa44f6" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"ghostscript-9.26-3.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-104.NASL description This update for ghostscript version 9.26a fixes the following issues : Security issue fixed : - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 121537 published 2019-02-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121537 title openSUSE Security Update : ghostscript (openSUSE-2019-104) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-104. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(121537); script_version("1.3"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2019-6116"); script_name(english:"openSUSE Security Update : ghostscript (openSUSE-2019-104)"); script_summary(english:"Check for the openSUSE-2019-104 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for ghostscript version 9.26a fixes the following issues : Security issue fixed : - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122319" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-mini-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ghostscript-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libspectre-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libspectre-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libspectre1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libspectre1-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-debuginfo-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-debugsource-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-devel-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-mini-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-mini-debuginfo-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-mini-debugsource-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-mini-devel-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-x11-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"ghostscript-x11-debuginfo-9.26a-lp150.2.12.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libspectre-debugsource-0.2.8-lp150.2.9.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libspectre-devel-0.2.8-lp150.2.9.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libspectre1-0.2.8-lp150.2.9.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libspectre1-debuginfo-0.2.8-lp150.2.9.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript-mini / ghostscript-mini-debuginfo / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0229.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a last seen 2020-06-01 modified 2020-06-02 plugin id 122061 published 2019-02-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122061 title CentOS 7 : ghostscript (CESA-2019:0229) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:0229 and # CentOS Errata and Security Advisory 2019:0229 respectively. # include("compat.inc"); if (description) { script_id(122061); script_version("1.4"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2018-16540", "CVE-2018-19475", "CVE-2018-19476", "CVE-2018-19477", "CVE-2019-6116"); script_xref(name:"RHSA", value:"2019:0229"); script_name(english:"CentOS 7 : ghostscript (CESA-2019:0229)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a '/invalidfileaccess in --run--' error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919)" ); # https://lists.centos.org/pipermail/centos-announce/2019-February/023191.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?437d1158" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16540"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ghostscript-gtk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-9.07-31.el7_6.9")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-cups-9.07-31.el7_6.9")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-devel-9.07-31.el7_6.9")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-doc-9.07-31.el7_6.9")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ghostscript-gtk-9.07-31.el7_6.9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript / ghostscript-cups / ghostscript-devel / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4372.NASL description Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). last seen 2020-06-01 modified 2020-06-02 plugin id 121400 published 2019-01-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121400 title Debian DSA-4372-1 : ghostscript - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4372. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(121400); script_version("1.3"); script_cvs_date("Date: 2019/04/02 21:54:16"); script_cve_id("CVE-2019-6116"); script_xref(name:"DSA", value:"4372"); script_name(english:"Debian DSA-4372-1 : ghostscript - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled)." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ghostscript" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/ghostscript" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4372" ); script_set_attribute( attribute:"solution", value: "Upgrade the ghostscript packages. For the stable distribution (stretch), this problem has been fixed in version 9.26a~dfsg-0+deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"ghostscript", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"ghostscript-dbg", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"ghostscript-doc", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"ghostscript-x", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libgs-dev", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libgs9", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libgs9-common", reference:"9.26a~dfsg-0+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2019-15D57AF79A.NASL description - Security fix for CVE-2019-6116 - Fix for bug #1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122979 published 2019-03-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122979 title Fedora 29 : ghostscript (2019-15d57af79a) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-15d57af79a. # include("compat.inc"); if (description) { script_id(122979); script_version("1.4"); script_cvs_date("Date: 2019/09/23 11:21:09"); script_cve_id("CVE-2019-6116"); script_xref(name:"FEDORA", value:"2019-15d57af79a"); script_name(english:"Fedora 29 : ghostscript (2019-15d57af79a)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Security fix for CVE-2019-6116 - Fix for bug #1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-15d57af79a" ); script_set_attribute( attribute:"solution", value:"Update the affected ghostscript package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ghostscript"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"ghostscript-9.26-3.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript"); }NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2019-1017.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125286 published 2019-05-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125286 title Virtuozzo 7 : ghostscript / ghostscript-cups / ghostscript-devel / etc (VZLSA-2019-1017) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0085_GHOSTSCRIPT.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ghostscript packages installed that are affected by a vulnerability: - It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. (CVE-2019-3839) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127300 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127300 title NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Vulnerability (NS-SA-2019-0085) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1065.NASL description According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-03-08 plugin id 122688 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122688 title EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1065) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1092.NASL description According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-03-26 plugin id 123105 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123105 title EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1092) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0971.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: superexec operator is available (700585) (CVE-2019-3835) * ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838) * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124664 published 2019-05-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124664 title RHEL 8 : ghostscript (RHSA-2019:0971) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1613.NASL description According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers.Security Fix(es):It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3838)t was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3835)It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints.(CVE-2019-6116)It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3839) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2019-05-30 plugin id 125565 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125565 title EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2019-1613) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3866-1.NASL description Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 121345 published 2019-01-24 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121345 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : ghostscript vulnerability (USN-3866-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0145-1.NASL description This update for ghostscript version 9.26a fixes the following issues : Security issue fixed : CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 121342 published 2019-01-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121342 title SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:0145-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-953FC0F16D.NASL description - rebase to latest upstream version 9.27 - security fixes added for : - CVE-2019-14811 (bug #1747908) - CVE-2019-14812 (bug #1747907) - CVE-2019-14813 (bug #1747906) - CVE-2019-14817 (bug #1747909) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129323 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129323 title Fedora 30 : ghostscript (2019-953fc0f16d) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1576.NASL description According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-29 plugin id 125503 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125503 title EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1576) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0081_GHOSTSCRIPT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by a vulnerability: - It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. (CVE-2019-3839) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127293 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127293 title NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Vulnerability (NS-SA-2019-0081) NASL family Windows NASL id GHOSTSCRIPT_9_27.NASL description The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.27. It is, therefore, affected by a security bypass vulnerability due to some privileged operators remained accessible from various places after the CVE-2019-6116 fix. An authenticated, remote attacker can exploit this, via specially crafted PostScript file, to access the file system outside of the constrains imposed by -dSAFER. last seen 2020-06-01 modified 2020-06-02 plugin id 125631 published 2019-05-31 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125631 title Artifex Ghostscript < 9.27 PostScript Security Bypass Vulnerability NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1670.NASL description Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled). For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 122097 published 2019-02-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122097 title Debian DLA-1670-1 : ghostscript security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1017.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124690 published 2019-05-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124690 title RHEL 7 : ghostscript (RHSA-2019:1017) NASL family Fedora Local Security Checks NASL id FEDORA_2019-EBD6C4F15A.NASL description - rebase to latest upstream version 9.27 - security fixes added for : - CVE-2019-14811 (bug #1747908) - CVE-2019-14812 (bug #1747907) - CVE-2019-14813 (bug #1747906) - CVE-2019-14817 (bug #1747909) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129423 published 2019-09-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129423 title Fedora 29 : ghostscript (2019-ebd6c4f15a) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1110.NASL description According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-04-02 plugin id 123584 published 2019-04-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123584 title EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1110) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0054_GHOSTSCRIPT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. (CVE-2018-16540) - psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. (CVE-2018-19475) - psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. (CVE-2018-19476) - psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. (CVE-2018-19477) - It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints. (CVE-2019-6116) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127241 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127241 title NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0144-1.NASL description This update for ghostscript to version 9.26a fixes the following issues : Security issue fixed : CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 121341 published 2019-01-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121341 title SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2019:0144-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-1017.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124871 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124871 title CentOS 7 : ghostscript (CESA-2019:1017) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-1017.NASL description From Red Hat Security Advisory 2019:1017 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 125106 published 2019-05-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125106 title Oracle Linux 7 : ghostscript (ELSA-2019-1017) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0229.NASL description From Red Hat Security Advisory 2019:0229 : An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a last seen 2020-06-01 modified 2020-06-02 plugin id 121523 published 2019-02-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121523 title Oracle Linux 7 : ghostscript (ELSA-2019-0229) NASL family Scientific Linux Local Security Checks NASL id SL_20190507_GHOSTSCRIPT_ON_SL7_X.NASL description Security Fix(es) : - ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) last seen 2020-03-18 modified 2019-05-09 plugin id 124704 published 2019-05-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124704 title Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190507) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0229.NASL description An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116. Bug Fix(es) : * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a last seen 2020-06-01 modified 2020-06-02 plugin id 121527 published 2019-02-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121527 title RHEL 7 : ghostscript (RHSA-2019:0229) NASL family Fedora Local Security Checks NASL id FEDORA_2019-7B9BB0E426.NASL description - Security fix for CVE-2019-6116 - Fix for bug #1687144 added Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122982 published 2019-03-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122982 title Fedora 28 : ghostscript (2019-7b9bb0e426) NASL family Scientific Linux Local Security Checks NASL id SL_20190131_GHOSTSCRIPT_ON_SL7_X.NASL description Security Fix(es) : - ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) - ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) - ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) - ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) - ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Bug Fix(es) : - Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a last seen 2020-03-18 modified 2019-02-01 plugin id 121532 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121532 title Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190131) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2031.NASL description According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.(CVE-2018-19478) - It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3839) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129224 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129224 title EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2031) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1731.NASL description According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-22 plugin id 126858 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126858 title EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1731) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202004-03.NASL description The remote host is affected by the vulnerability described in GLSA-202004-03 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted file using GPL Ghostscript, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-04-07 modified 2020-04-02 plugin id 135114 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135114 title GLSA-202004-03 : GPL Ghostscript: Multiple vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0971.NASL description From Red Hat Security Advisory 2019:0971 : An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es) : * ghostscript: superexec operator is available (700585) (CVE-2019-3835) * ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838) * ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127568 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127568 title Oracle Linux 8 : ghostscript (ELSA-2019-0971) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-092-01.NASL description New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123649 published 2019-04-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123649 title Slackware 14.2 / current : ghostscript (SSA:2019-092-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1254.NASL description According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.i1/4^CVE-2018-19475i1/4%0 - psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.i1/4^CVE-2018-19476i1/4%0 - psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.i1/4^CVE-2018-19477i1/4%0 - It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints.i1/4^CVE-2019-6116i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-04 plugin id 123722 published 2019-04-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123722 title EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1254) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-103.NASL description This update for ghostscript to version 9.26a fixes the following issues : Security issue fixed : - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 121536 published 2019-02-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121536 title openSUSE Security Update : ghostscript (openSUSE-2019-103)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://www.exploit-db.com/exploits/46242/
- https://www.debian.org/security/2019/dsa-4372
- https://usn.ubuntu.com/3866-1/
- https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html
- https://bugs.ghostscript.com/show_bug.cgi?id=700317
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
- https://access.redhat.com/errata/RHSA-2019:0229
- http://www.securityfocus.com/bid/106700
- http://www.openwall.com/lists/oss-security/2019/01/23/5
- http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
- http://www.openwall.com/lists/oss-security/2019/03/21/1
- https://seclists.org/bugtraq/2019/Apr/4
- http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://security.gentoo.org/glsa/202004-03
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/