ghostscript-9.25-2.el7.2
エラータID: AXSA:2019-4296:03
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)
* ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) (CVE-2019-14812)
* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813)
* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) (CVE-2019-14817)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-14811
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-14812
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-14813
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-14817
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Update packages.
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
N/A
SRPMS
- ghostscript-9.25-2.el7.2.src.rpm
MD5: 16be7bdbcbec733dc5e5de9c2f827aed
SHA-256: 151b80449995b39147544a3d7c99b90fd765e08c27dfc0df7726bba4146b203e
Size: 31.64 MB
Asianux Server 7 for x86_64
- ghostscript-9.25-2.el7.2.x86_64.rpm
MD5: 14bc23696e41de3c860c6685a06d3ba1
SHA-256: 5773ca1f07f51d9c80d818d24c04675b82f9d2332f8e99e317d9a24db8a349fc
Size: 110.56 kB - ghostscript-cups-9.25-2.el7.2.x86_64.rpm
MD5: 01648c3abef593e1a52edab73e1405e3
SHA-256: 3685dc03f1da465a4e29ee738b85f9115ded26c2111a1bb828ca827bd249e5f1
Size: 59.86 kB - libgs-9.25-2.el7.2.x86_64.rpm
MD5: e4c26d7eb7868c31b9e84b5e9e0987ac
SHA-256: 8796e3e39a157aa2e107475ecfccfc6343f401f3864693a4be5c2ef8eaa9c4ab
Size: 4.58 MB - libgs-devel-9.25-2.el7.2.x86_64.rpm
MD5: 597df0273b5c4efd4e6b948546a73d94
SHA-256: 4c20b34310bb3b9f6e0a19e762709740d644f09378fb7a7511591d4e5240b11e
Size: 55.86 kB - ghostscript-9.25-2.el7.2.i686.rpm
MD5: 042b39c81ee681e20db3fb39a5629b6e
SHA-256: 94e154644c4c91d9ef47110a844ba1c38218012f49cb17ad3d192357d9dcaeda
Size: 110.69 kB - libgs-9.25-2.el7.2.i686.rpm
MD5: a499ed2cfd2f7d76712b6daa601783d7
SHA-256: 6d1e7734a9e8a5042d773226c90a9ab64aa8a4e3c68d0316d39e3589a1ae1fcc
Size: 4.58 MB - libgs-devel-9.25-2.el7.2.i686.rpm
MD5: 2ae54accf749f1d1afc7739080221717
SHA-256: 408c93cb84195ab7723477b928f8019bd08783933ab7923cfb88ccb38e0bbbc9
Size: 55.90 kB