Описание
ELSA-2019-2462: ghostscript security update (IMPORTANT)
[9.25-2.1]
- Resolves: #1737338 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ghostscript
9.25-2.el7_7.1
ghostscript-cups
9.25-2.el7_7.1
ghostscript-doc
9.25-2.el7_7.1
ghostscript-gtk
9.25-2.el7_7.1
libgs
9.25-2.el7_7.1
libgs-devel
9.25-2.el7_7.1
Oracle Linux x86_64
ghostscript
9.25-2.el7_7.1
ghostscript-cups
9.25-2.el7_7.1
ghostscript-doc
9.25-2.el7_7.1
ghostscript-gtk
9.25-2.el7_7.1
libgs
9.25-2.el7_7.1
libgs-devel
9.25-2.el7_7.1
Связанные CVE
Связанные уязвимости
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
In ghostscript before version 9.50, the .buildfont1 procedure did not ...
