Описание
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Отчет
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Меры по смягчению последствий
Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ghostscript | Will not fix | ||
| Red Hat Enterprise Linux 6 | ghostscript | Will not fix | ||
| Red Hat Enterprise Linux 8 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2018:3834 | 17.12.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Artifex Ghostscript allows attackers to bypass a sandbox protection me ...
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Уязвимость компонента Sandbox Protection Mechanism набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю обойти защитный механизм изолированной программной среды и раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3