ArchLinux: 201901-18: ghostscript: sandbox escape

    Date: 31 Jan 2019
    Category: ArchLinux
    Posted By: Anthony Pell
    The package ghostscript before version 9.26-2 is vulnerable to sandbox escape.
    Arch Linux Security Advisory ASA-201901-18
    ==========================================
    
    Severity: High
    Date    : 2019-01-29
    CVE-ID  : CVE-2019-6116
    Package : ghostscript
    Type    : sandbox escape
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-860
    
    Summary
    =======
    
    The package ghostscript before version 9.26-2 is vulnerable to sandbox
    escape.
    
    Resolution
    ==========
    
    Upgrade to 9.26-2.
    
    # pacman -Syu "ghostscript>=9.26-2"
    
    The problem has been fixed upstream but no release is available yet.
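
To confirm that a host actually carries the fixed build, the following added example (not part of the Arch advisory) reads `pacman -Q`-style lines and flags any ghostscript older than 9.26-2. The helper names `ver_lt` and `audit_ghostscript` are hypothetical, and the `sort -V` fallback is an assumption for machines that lack pacman's `vercmp`.

```shell
#!/bin/sh
# Added example: flag ghostscript builds older than the fixed version.
FIXED="9.26-2"   # fixed version stated in ASA-201901-18

# Return 0 if version $1 sorts strictly before version $2.
# Prefers pacman's vercmp; otherwise falls back to `sort -V`
# (assumption: adequate for pkgver-pkgrel strings without an epoch).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Read "name version" lines (the `pacman -Q` format) on stdin and
# print one status line for the ghostscript package.
audit_ghostscript() {
    found=0
    while read -r name ver rest; do
        [ "$name" = "ghostscript" ] || continue
        found=1
        if ver_lt "$ver" "$FIXED"; then
            echo "VULNERABLE ghostscript $ver (< $FIXED, CVE-2019-6116)"
        else
            echo "OK ghostscript $ver"
        fi
    done
    [ "$found" -eq 1 ] || echo "NOT-INSTALLED ghostscript"
}

# Live check on an Arch host; elsewhere, run on a constructed sample line.
if command -v pacman >/dev/null 2>&1; then
    pacman -Q ghostscript 2>/dev/null | audit_ghostscript
else
    printf 'ghostscript 9.26-1\n' | audit_ghostscript   # constructed sample
fi
```

Collected `pacman -Q` output from several hosts can be piped through `audit_ghostscript` one host at a time to find machines that still need the upgrade.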
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    It was found that ghostscript could leak sensitive operators on the
    operand stack when a pseudo-operator pushes a subroutine. A specially
    crafted PostScript file could use this flaw to escape the -dSAFER
    protection in order to, for example, have access to the file system and
    execute commands.
    
    Impact
    ======
    
    A remote attacker is able to escape the sandbox via a specially crafted
    PostScript document.
    
    References
    ==========
    
    https://marc.info/?l=oss-security&m=154825433813390
    https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
    https://bugs.ghostscript.com/show_bug.cgi?id=700317
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
    https://security.archlinux.org/CVE-2019-6116
    