ArchLinux: 201911-5: ghostscript: sandbox escape

    Date: 04 Nov 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package ghostscript before version 9.50-1 is vulnerable to sandbox escape.
    Arch Linux Security Advisory ASA-201911-5
    =========================================
    
    Severity: High
    Date    : 2019-11-03
    CVE-ID  : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817
    Package : ghostscript
    Type    : sandbox escape
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1031
    
    Summary
    =======
    
    The package ghostscript before version 9.50-1 is vulnerable to sandbox
    escape.
    
    Resolution
    ==========
    
    Upgrade to 9.50-1.
    
    # pacman -Syu "ghostscript>=9.50-1"
    
    The problems have been fixed upstream in version 9.50.
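
To confirm which machines still run a build older than the fixed version above, here is an added example (not part of the Arch advisory). The function names and the inventory lines are hypothetical and constructed; it uses pacman's `vercmp` when present and otherwise assumes GNU `sort -V`.

```shell
#!/bin/sh
# Added example (not from the advisory): flag ghostscript builds older than the fix.
FIXED="9.50-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeed when version A is strictly older than B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        # pacman's own comparator prints -1, 0 or 1
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Assumption: GNU `sort -V` orders plain numeric versions like pacman does
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# gs_status VERSION: print "vulnerable" or "fixed" for one ghostscript version.
gs_status() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# audit_inventory: read "host package version" lines on stdin and print
# the hosts whose ghostscript package predates the fix.
audit_inventory() {
    while read -r host pkg ver; do
        [ "$pkg" = "ghostscript" ] || continue
        if ver_lt "$ver" "$FIXED"; then echo "$host"; fi
    done
}

# Local host: `pacman -Q ghostscript` prints "ghostscript <version>".
if command -v pacman >/dev/null 2>&1; then
    if local_ver=$(pacman -Q ghostscript 2>/dev/null); then
        echo "local: ${local_ver#ghostscript } is $(gs_status "${local_ver#ghostscript }")"
    fi
fi

# Constructed inventory (hypothetical hosts), e.g. gathered over ssh.
audit_inventory <<'EOF'
build01 ghostscript 9.27-1
print02 ghostscript 9.50-1
web03 cups 2.3.0-1
render04 ghostscript 9.26-2
EOF
```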
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-14811 (sandbox escape)
    
    Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.
    
    - CVE-2019-14812 (sandbox escape)
    
    Safer Mode Bypass by .forceput Exposure in setuserparams.
    
    - CVE-2019-14813 (sandbox escape)
    
    Safer Mode Bypass by .forceput Exposure in setsystemparams.
    
    - CVE-2019-14817 (sandbox escape)
    
    Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other
    procedures.
    
    Impact
    ======
    
    An attacker is able to escape the sandbox provided by ghostscript.
    
    References
    ==========
    
    https://marc.info/?l=oss-security&m=156699539604858
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
    https://security.archlinux.org/CVE-2019-14811
    https://security.archlinux.org/CVE-2019-14812
    https://security.archlinux.org/CVE-2019-14813
    https://security.archlinux.org/CVE-2019-14817
    