Описание
ELSA-2019-3888: ghostscript security update (IMPORTANT)
[9.25-2.3]
- 1769340 - CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ghostscript
9.25-2.el7_7.3
ghostscript-cups
9.25-2.el7_7.3
ghostscript-doc
9.25-2.el7_7.3
ghostscript-gtk
9.25-2.el7_7.3
libgs
9.25-2.el7_7.3
libgs-devel
9.25-2.el7_7.3
Oracle Linux x86_64
ghostscript
9.25-2.el7_7.3
ghostscript-cups
9.25-2.el7_7.3
ghostscript-doc
9.25-2.el7_7.3
ghostscript-gtk
9.25-2.el7_7.3
libgs
9.25-2.el7_7.3
libgs-devel
9.25-2.el7_7.3
Связанные CVE
Связанные уязвимости
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
A flaw was found in all versions of ghostscript 9.x before 9.50, where ...
