ELSA-2019-3890

Опубликовано: 22 нояб. 2019

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2019-3890: ghostscript security update (IMPORTANT)

[9.25-5.1]

1769342 - CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

ghostscript

9.25-5.el8_1.1

ghostscript-doc

9.25-5.el8_1.1

ghostscript-tools-dvipdf

9.25-5.el8_1.1

ghostscript-tools-fonts

9.25-5.el8_1.1

ghostscript-tools-printing

9.25-5.el8_1.1

ghostscript-x11

9.25-5.el8_1.1

libgs

9.25-5.el8_1.1

libgs-devel

9.25-5.el8_1.1

Oracle Linux x86_64

ghostscript

9.25-5.el8_1.1

ghostscript-doc

9.25-5.el8_1.1

ghostscript-tools-dvipdf

9.25-5.el8_1.1

ghostscript-tools-fonts

9.25-5.el8_1.1

ghostscript-tools-printing

9.25-5.el8_1.1

ghostscript-x11

9.25-5.el8_1.1

libgs

9.25-5.el8_1.1

libgs-devel

9.25-5.el8_1.1

Связанные CVE

CVE-2019-14869

Ссылки на источники

Связанные уязвимости

CVE-2019-14869

CVSS3: 8.8

ubuntu

около 6 лет назад

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.