Arch Linux Security Advisory ASA-201901-18
==========================================

Severity: High
Date    : 2019-01-29
CVE-ID  : CVE-2019-6116
Package : ghostscript
Type    : sandbox escape
Remote  : Yes
Link    : https://security.archlinux.org/AVG-860

Summary
=======

The package ghostscript before version 9.26-2 is vulnerable to sandbox
escape.

Resolution
==========

Upgrade to 9.26-2.

# pacman -Syu "ghostscript>=9.26-2"

The problem has been fixed upstream but no release is available yet.
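
An added check, not part of the advisory: the script below flags ghostscript versions older than the fixed 9.26-2, on the local host and in an inventory listing. The inventory format (`host package version` per line) and the function names are assumptions; `vercmp` ships with pacman, and the `sort -V` fallback only approximates it.

```bash
#!/bin/sh
# Added example: audit helper for ASA-201901-18 (not from the advisory itself).
FIXED="9.26-2"   # first fixed ghostscript version, taken from the advisory

# ver_lt A B: succeeds when version A is older than version B.
# Prefers pacman's own vercmp; falls back to GNU sort -V, which is an
# approximation (no epoch handling) for hosts without pacman tools.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# gs_status VERSION: prints "vulnerable" or "patched" for that version.
gs_status() {
    if ver_lt "$1" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# audit_inventory: reads "host package version" lines on stdin (assumed
# format) and prints "host version" for every host that still needs 9.26-2.
audit_inventory() {
    while read -r host pkg ver; do
        [ "$pkg" = "ghostscript" ] || continue
        if [ "$(gs_status "$ver")" = "vulnerable" ]; then
            echo "$host $ver"
        fi
    done
    return 0
}

# Local check, only when pacman is available on this machine.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q ghostscript 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        echo "ghostscript $installed: $(gs_status "$installed")"
    fi
fi
```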

Workaround
==========

None.

Description
===========

It was found that ghostscript could leak sensitive operators on the
operand stack when a pseudo-operator pushes a subroutine. A specially
crafted PostScript file could use this flaw to escape the -dSAFER
protection in order to, for example, have access to the file system and
execute commands.

Impact
======

A remote attacker is able to escape the sandbox via a specially crafted
PostScript document.

References
==========

https://marc.info/?l=oss-security&m=154825433813390
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
https://bugs.ghostscript.com/show_bug.cgi?id=700317
https://security.archlinux.org/CVE-2019-6116