RHEL 8 : ghostscript (RHSA-2021:1852)

high Nessus Plugin ID 149709

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1852 advisory.

- ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)

- ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)

- ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)

- ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)

- ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)

- ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)

- ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)

- ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)

- ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)

- ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)

- ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)

- ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)

- ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)

- ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)

- ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)

- ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)

- ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)

- ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)

- ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)

- ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)

- ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)

- ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)

- ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)

- ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)

- ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)

- ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2020-14373

https://access.redhat.com/security/cve/CVE-2020-16287

https://access.redhat.com/security/cve/CVE-2020-16288

https://access.redhat.com/security/cve/CVE-2020-16289

https://access.redhat.com/security/cve/CVE-2020-16290

https://access.redhat.com/security/cve/CVE-2020-16291

https://access.redhat.com/security/cve/CVE-2020-16292

https://access.redhat.com/security/cve/CVE-2020-16293

https://access.redhat.com/security/cve/CVE-2020-16294

https://access.redhat.com/security/cve/CVE-2020-16295

https://access.redhat.com/security/cve/CVE-2020-16296

https://access.redhat.com/security/cve/CVE-2020-16297

https://access.redhat.com/security/cve/CVE-2020-16298

https://access.redhat.com/security/cve/CVE-2020-16299

https://access.redhat.com/security/cve/CVE-2020-16300

https://access.redhat.com/security/cve/CVE-2020-16301

https://access.redhat.com/security/cve/CVE-2020-16302

https://access.redhat.com/security/cve/CVE-2020-16303

https://access.redhat.com/security/cve/CVE-2020-16304

https://access.redhat.com/security/cve/CVE-2020-16305

https://access.redhat.com/security/cve/CVE-2020-16306

https://access.redhat.com/security/cve/CVE-2020-16307

https://access.redhat.com/security/cve/CVE-2020-16308

https://access.redhat.com/security/cve/CVE-2020-16309

https://access.redhat.com/security/cve/CVE-2020-16310

https://access.redhat.com/security/cve/CVE-2020-17538

https://access.redhat.com/errata/RHSA-2021:1852

https://bugzilla.redhat.com/1870149

https://bugzilla.redhat.com/1870152

https://bugzilla.redhat.com/1870159

https://bugzilla.redhat.com/1870162

https://bugzilla.redhat.com/1870165

https://bugzilla.redhat.com/1870167

https://bugzilla.redhat.com/1870169

https://bugzilla.redhat.com/1870171

https://bugzilla.redhat.com/1870175

https://bugzilla.redhat.com/1870179

https://bugzilla.redhat.com/1870227

https://bugzilla.redhat.com/1870229

https://bugzilla.redhat.com/1870231

https://bugzilla.redhat.com/1870237

https://bugzilla.redhat.com/1870240

https://bugzilla.redhat.com/1870242

https://bugzilla.redhat.com/1870244

https://bugzilla.redhat.com/1870248

https://bugzilla.redhat.com/1870249

https://bugzilla.redhat.com/1870256

https://bugzilla.redhat.com/1870257

https://bugzilla.redhat.com/1870258

https://bugzilla.redhat.com/1870262

https://bugzilla.redhat.com/1870266

https://bugzilla.redhat.com/1870267

https://bugzilla.redhat.com/1873239

Plugin Details

Severity: High

ID: 149709

File Name: redhat-RHSA-2021-1852.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/19/2021

Updated: 1/1/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-16303

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.4, cpe:/o:redhat:rhel_aus:8.6, cpe:/o:redhat:rhel_e4s:8.4, cpe:/o:redhat:rhel_e4s:8.6, cpe:/o:redhat:rhel_eus:8.4, cpe:/o:redhat:rhel_eus:8.6, cpe:/o:redhat:rhel_tus:8.4, cpe:/o:redhat:rhel_tus:8.6, p-cpe:/a:redhat:enterprise_linux:ghostscript, p-cpe:/a:redhat:enterprise_linux:ghostscript-doc, p-cpe:/a:redhat:enterprise_linux:ghostscript-tools-dvipdf, p-cpe:/a:redhat:enterprise_linux:ghostscript-tools-fonts, p-cpe:/a:redhat:enterprise_linux:ghostscript-tools-printing, p-cpe:/a:redhat:enterprise_linux:ghostscript-x11, p-cpe:/a:redhat:enterprise_linux:libgs, p-cpe:/a:redhat:enterprise_linux:libgs-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2021

Vulnerability Publication Date: 8/13/2020

Reference Information

CVE: CVE-2020-14373, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538

CWE: 121, 122, 125, 131, 20, 369, 416, 456, 476, 682, 787, 805

IAVB: 2020-B-0046-S

RHSA: 2021:1852