SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8063)

high Nessus Plugin ID 58791

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update of ghostscript fixes two security issues :

- Off-by-one error in the TrueType bytecode interpreter in Ghostscript in SUSE Linux Enterprise 10 and 11 products allows remote attackers to cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. (CVE-2009-3743)

- The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream. (CVE-2010-4054)

Solution

Apply ZYPP patch number 8063.

See Also

http://support.novell.com/security/cve/CVE-2009-3743.html

http://support.novell.com/security/cve/CVE-2010-4054.html

Plugin Details

Severity: High

ID: 58791

File Name: suse_ghostscript-fonts-other-8063.nasl

Version: 1.6

Type: local

Agent: unix

Published: 4/19/2012

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/4/2012

Reference Information

CVE: CVE-2009-3743, CVE-2010-4054