安全公告详情

NS-SA-2019-0071

2019-07-17 14:58:09

简介

important: ghostscript/tcpdump security update

严重级别

important

主题

An update for ghostscript/tcpdump is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

ghostscript: Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package.
tcpdump: Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic.


Security Fix(es):
ghostscript: It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3838)
ghostscript: It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3835)
ghostscript: bugfix
tcpdump: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().(CVE-2017-12900)
tcpdump: 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.(CVE-2017-11108)
tcpdump: A vulnerability was discovered in tcpdump's handling of LINKTYPE_SLIP pcap files. An attacker could craft a malicious pcap file that would cause tcpdump to crash when attempting to print a summary of packet data within the file.(CVE-2017-11543)
tcpdump: A vulnerability was discovered in tcpdump's handling of LINKTYPE_SLIP pcap files. An attacker could craft a malicious pcap file that would cause tcpdump to crash when attempting to print a summary of packet data within the file.(CVE-2017-11544)
tcpdump: The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().(CVE-2017-12897)
tcpdump: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().(CVE-2017-12896)
tcpdump: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().(CVE-2017-13031)
tcpdump: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().(CVE-2017-13032)
tcpdump: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13023)
tcpdump: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13024)
tcpdump: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13016)
tcpdump: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().(CVE-2017-13027)
tcpdump: The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.(CVE-2017-13014)
tcpdump: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().(CVE-2017-12998)
tcpdump: The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().(CVE-2017-13000)
tcpdump: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().(CVE-2017-13035)
tcpdump: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().(CVE-2017-13036)
tcpdump: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13025)
tcpdump: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.(CVE-2017-13026)
tcpdump: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().(CVE-2017-13004)
tcpdump: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().(CVE-2017-13029)
tcpdump: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().(CVE-2017-13009)
tcpdump: The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().(CVE-2017-13007)
tcpdump: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().(CVE-2017-13008)
tcpdump: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.(CVE-2017-12993)
tcpdump: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13039)
tcpdump: The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.(CVE-2017-13040)
tcpdump: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().(CVE-2017-13041)
tcpdump: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13047)
tcpdump: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().(CVE-2017-13043)
tcpdump: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().(CVE-2017-13053)
tcpdump: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().(CVE-2017-13054)
tcpdump: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().(CVE-2017-13050)
tcpdump: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13690)
tcpdump: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-13725)
tcpdump: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().(CVE-2017-13055)
tcpdump: The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().(CVE-2017-13687)
tcpdump: The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length().(CVE-2017-12989)
tcpdump: The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.(CVE-2017-12902)
tcpdump: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().(CVE-2017-12987)
tcpdump: The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().(CVE-2017-12995)
tcpdump: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-12986)
tcpdump: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().(CVE-2017-12894)
tcpdump: The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().(CVE-2017-12997)
tcpdump: The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.(CVE-2017-12990)
tcpdump: A vulnerability was found in tcpdump's verbose printing of packet data. A crafted pcap file or specially crafted network traffic could cause tcpdump to write out of bounds in the BSS segment, potentially causing tcpdump to display truncated or incorrectly decoded fields or crash with a segmentation violation. This does not affect tcpdump when used with the -w option to save a pcap file.(CVE-2017-13011)
tcpdump: The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().(CVE-2017-12893)
tcpdump: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2017-12895)
tcpdump: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().(CVE-2017-12898)
tcpdump: The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().(CVE-2017-12899)
tcpdump: The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().(CVE-2017-12901)
tcpdump: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().(CVE-2017-12985)
tcpdump: The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().(CVE-2017-12988)
tcpdump: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12991)
tcpdump: The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().(CVE-2017-12992)
tcpdump: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12994)
tcpdump: The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().(CVE-2017-12996)
tcpdump: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().(CVE-2017-12999)
tcpdump: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().(CVE-2017-13001)
tcpdump: The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().(CVE-2017-13002)
tcpdump: The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().(CVE-2017-13003)
tcpdump: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().(CVE-2017-13005)
tcpdump: The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.(CVE-2017-13006)
tcpdump: The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().(CVE-2017-13010)
tcpdump: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2017-13012)
tcpdump: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.(CVE-2017-13013)
tcpdump: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().(CVE-2017-13015)
tcpdump: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().(CVE-2017-13017)
tcpdump: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13018)
tcpdump: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13019)
tcpdump: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13020)
tcpdump: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().(CVE-2017-13021)
tcpdump: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().(CVE-2017-13022)
tcpdump: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().(CVE-2017-13028)
tcpdump: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.(CVE-2017-13030)
tcpdump: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13033)
tcpdump: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13034)
tcpdump: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().(CVE-2017-13037)
tcpdump: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().(CVE-2017-13038)
tcpdump: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().(CVE-2017-13042)
tcpdump: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().(CVE-2017-13044)
tcpdump: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().(CVE-2017-13045)
tcpdump: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-13046)
tcpdump: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13048)
tcpdump: The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().(CVE-2017-13049)
tcpdump: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13051)
tcpdump: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().(CVE-2017-13052)
tcpdump: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().(CVE-2017-13688)
tcpdump: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().(CVE-2017-13689)
tcpdump: 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.(CVE-2017-11541)
tcpdump: 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.(CVE-2017-11542)
tcpdump: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F12.

影响组件

  • ghostscript
  • tcpdump

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["ghostscript-9.07-31.el7_6.10.x86_64.rpm","ghostscript-cups-9.07-31.el7_6.10.x86_64.rpm","ghostscript-debuginfo-9.07-31.el7_6.10.x86_64.rpm","ghostscript-devel-9.07-31.el7_6.10.x86_64.rpm","ghostscript-doc-9.07-31.el7_6.10.noarch.rpm","ghostscript-gtk-9.07-31.el7_6.10.x86_64.rpm"],"source":"ghostscript-9.07-31.el7_6.10.src.rpm"},{"binary":["tcpdump-4.9.2-3.el7.x86_64.rpm","tcpdump-debuginfo-4.9.2-3.el7.x86_64.rpm"],"source":"tcpdump-4.9.2-3.el7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["ghostscript-9.07-31.el7_6.10.x86_64.rpm","ghostscript-cups-9.07-31.el7_6.10.x86_64.rpm","ghostscript-debuginfo-9.07-31.el7_6.10.x86_64.rpm","ghostscript-devel-9.07-31.el7_6.10.x86_64.rpm","ghostscript-doc-9.07-31.el7_6.10.noarch.rpm","ghostscript-gtk-9.07-31.el7_6.10.x86_64.rpm"],"source":"ghostscript-9.07-31.el7_6.10.src.rpm"},{"binary":["tcpdump-4.9.2-3.el7.x86_64.rpm","tcpdump-debuginfo-4.9.2-3.el7.x86_64.rpm"],"source":"tcpdump-4.9.2-3.el7.src.rpm"}]}]}

CVE

参考