SuSE Update For Ghostscript SUSE-SA:2008:010 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

A stack based buffer overflow was fixed in the ghostscript interpreter, which can be used to execute code or at least crash ghostscript. CVE-2008-0411 This can be exploited for instance by site local users printing to a print server which uses ghostscript to raster data, making this a remote problem. Unfortunately this error is not caught by the stack overflow protection technologies we use.

Affected

ghostscript on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1

References

http://www.novell.com/linux/security/advisories/2008_10_ghostscript.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0411
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for freetype2
SLES10: Security update for Apache 2
SLES10: Security update for opensc
SLES10: Security update for fetchmail
SLES10: Security update for OpenSSL

SuSE Update for ghostscript SUSE-SA:2008:010

Take action and discover your vulnerabilities