Arch Linux Security Advisory ASA-201901-18
=========================================
Severity: High
Date    : 2019-01-29
CVE-ID  : CVE-2019-6116
Package : ghostscript
Type    : sandbox escape
Remote  : Yes
Link    : https://security.archlinux.org/AVG-860

Summary
======
The package ghostscript before version 9.26-2 is vulnerable to sandbox
escape.

Resolution
=========
Upgrade to 9.26-2.

# pacman -Syu "ghostscript>=9.26-2"

The problem has been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
It was found that ghostscript could leak sensitive operators on the
operand stack when a pseudo-operator pushes a subroutine. A specially
crafted PostScript file could use this flaw to escape the -dSAFER
protection in order to, for example, have access to the file system and
execute commands.

Impact
=====
A remote attacker is able to escape the sandbox via a specially crafted
PostScript document.

References
=========
https://marc.info/?l=oss-security&m=154825433813390
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
https://bugs.ghostscript.com/show_bug.cgi?id=700317
https://git.ghostscript.com/;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
https://git.ghostscript.com/;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
https://git.ghostscript.com/;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
https://git.ghostscript.com/;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
https://git.ghostscript.com/;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
https://git.ghostscript.com/;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
https://security.archlinux.org/CVE-2019-6116

ArchLinux: 201901-18: ghostscript: sandbox escape

January 31, 2019

Summary

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.

Resolution

Upgrade to 9.26-2. # pacman -Syu "ghostscript>=9.26-2"
The problem has been fixed upstream but no release is available yet.

References

https://marc.info/?l=oss-security&m=154825433813390 https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2 https://bugs.ghostscript.com/show_bug.cgi?id=700317 https://git.ghostscript.com/;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 https://git.ghostscript.com/;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db https://git.ghostscript.com/;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a https://git.ghostscript.com/;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495 https://git.ghostscript.com/;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 https://git.ghostscript.com/;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 https://security.archlinux.org/CVE-2019-6116

Severity
Package : ghostscript
Type : sandbox escape
Remote : Yes
Link : https://security.archlinux.org/AVG-860

Workaround

None.

Related News

1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved