SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8063)

High Nessus Plugin ID 58791


The remote SuSE 10 host is missing a security-related patch.


This update of ghostscript fixes two security issues :

- Off-by-one error in the TrueType bytecode interpreter in Ghostscript in SUSE Linux Enterprise 10 and 11 products allows remote attackers to cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. (CVE-2009-3743)

- The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream. (CVE-2010-4054)


Apply ZYPP patch number 8063.

Plugin Details

Severity: High

ID: 58791

File Name: suse_ghostscript-fonts-other-8063.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2012/04/19

Modified: 2012/05/17

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/05/04

Reference Information

CVE: CVE-2009-3743, CVE-2010-4054