Описание
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Меры по смягчению последствий
Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 5 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | ||
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/3scale-operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/apicast-gateway | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/backend | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/operator | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/toolbox | Fixed | RHSA-2019:2534 | 21.08.2019 |
| 3scale API Management 2.6 on RHEL 7 | 3scale-amp26/zync | Fixed | RHSA-2019:2534 | 21.08.2019 |
| Red Hat Enterprise Linux 7 | ghostscript | Fixed | RHSA-2019:2586 | 02.09.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Уязвимость процедуры .pdf_hook_DSC_Creator программы конвертирования файлов формата PostScript Ghostscript, позволяющая нарушителю получить доступ к файловой системе
EPSS
7.3 High
CVSS3