ArchLinux: 201901-18: ghostscript: sandbox escape

    Date31 Jan 2019
    CategoryArchLinux
    725
    Posted ByAnthony Pell
    The package ghostscript before version 9.26-2 is vulnerable to sandbox escape.
    Arch Linux Security Advisory ASA-201901-18
    ==========================================
    
    Severity: High
    Date    : 2019-01-29
    CVE-ID  : CVE-2019-6116
    Package : ghostscript
    Type    : sandbox escape
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-860
    
    Summary
    =======
    
    The package ghostscript before version 9.26-2 is vulnerable to sandbox
    escape.
    
    Resolution
    ==========
    
    Upgrade to 9.26-2.
    
    # pacman -Syu "ghostscript>=9.26-2"
    
    The problem has been fixed upstream but no release is available yet.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    It was found that ghostscript could leak sensitive operators on the
    operand stack when a pseudo-operator pushes a subroutine. A specially
    crafted PostScript file could use this flaw to escape the -dSAFER
    protection in order to, for example, have access to the file system and
    execute commands.
    
    Impact
    ======
    
    A remote attacker is able to escape the sandbox via a specially crafted
    PostScript document.
    
    References
    ==========
    
    https://marc.info/?l=oss-security&m=154825433813390
    https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
    https://bugs.ghostscript.com/show_bug.cgi?id=700317
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
    https://security.archlinux.org/CVE-2019-6116
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.