This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for ghostscript-library fixes the following issues :
- Multiple security vulnerabilities have been discovered
where ghostscript's '-dsafer' flag did not provide
sufficient protection against unintended access to the
file system. Thus, a machine that would process a
specially crafted Postscript file would potentially leak
sensitive information to an attacker. (CVE-2013-5653,
- An incorrect reference count was found in .setdevice.
This issue lead to a use-after-free scenario, which
could have been exploited for denial-of-service or,
possibly, arbitrary code execution attacks.
- Insufficient validation of the type of input in
.initialize_dsc_parser used to allow remote code
execution. (CVE-2016-7979, bsc#1001951)
This update was imported from the SUSE:SLE-12:Update update project.
See also :
Update the affected ghostscript-library packages.
Risk factor :
High / CVSS Base Score : 7.5