Arch Linux Security Advisory ASA-201911-5
========================================
Severity: High
Date    : 2019-11-03
CVE-ID  : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817
Package : ghostscript
Type    : sandbox escape
Remote  : No
Link    : https://security.archlinux.org/AVG-1031

Summary
======
The package ghostscript before version 9.50-1 is vulnerable to sandbox
escape.

Resolution
=========
Upgrade to 9.50-1.

# pacman -Syu "ghostscript>=9.50-1"

The problems have been fixed upstream in version 9.50.

Workaround
=========
None.

Description
==========
- CVE-2019-14811 (sandbox escape)

Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.

- CVE-2019-14812 (sandbox escape)

Safer Mode Bypass by .forceput Exposure in setuserparams

- CVE-2019-14813 (sandbox escape)

Safer Mode Bypass by .forceput Exposure in setsystemparams

- CVE-2019-14817 (sandbox escape)

Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other
procedures.

Impact
=====
An attacker is able to escape the sandbox provided by ghostscript.

References
=========
https://marc.info/?l=oss-security&m=156699539604858
https://git.ghostscript.com/;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
https://git.ghostscript.com/;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
https://security.archlinux.org/CVE-2019-14811
https://security.archlinux.org/CVE-2019-14812
https://security.archlinux.org/CVE-2019-14813
https://security.archlinux.org/CVE-2019-14817

ArchLinux: 201911-5: ghostscript: sandbox escape

November 4, 2019

Summary

- CVE-2019-14811 (sandbox escape) Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.
- CVE-2019-14812 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in setuserparams
- CVE-2019-14813 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in setsystemparams
- CVE-2019-14817 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures.

Resolution

Upgrade to 9.50-1. # pacman -Syu "ghostscript>=9.50-1"
The problems have been fixed upstream in version 9.50.

References

https://marc.info/?l=oss-security&m=156699539604858 https://git.ghostscript.com/;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 https://git.ghostscript.com/;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 https://security.archlinux.org/CVE-2019-14811 https://security.archlinux.org/CVE-2019-14812 https://security.archlinux.org/CVE-2019-14813 https://security.archlinux.org/CVE-2019-14817

Severity
Package : ghostscript
Type : sandbox escape
Remote : No
Link : https://security.archlinux.org/AVG-1031

Workaround

None.

Related News