ghostscript-9.25-2.el7.3

エラータID: AXSA:2019-4385:04

Release date: 
Thursday, November 14, 2019 - 20:51
Subject: 
ghostscript-9.25-2.el7.3
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: -dSAFER escape in .charkeys (701841) (CVE-2019-14869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14869
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
Additional Info: 

N/A

Download: 

SRPMS
  1. ghostscript-9.25-2.el7.3.src.rpm
    MD5: 3c0560abb417187ae2489d214975b274
    SHA-256: 0625bf9e48cb9ee16a7b76b478f22289b7a1ffd76f88e8a3a25640ce6b8bf32e
    Size: 31.64 MB

Asianux Server 7 for x86_64
  1. ghostscript-9.25-2.el7.3.x86_64.rpm
    MD5: 0d89d6f2779506e13af84a54c7a46115
    SHA-256: cb87e01616f972d8fead8131836c2df60b65f6fad374526146864da2b5c730fd
    Size: 110.69 kB
  2. ghostscript-cups-9.25-2.el7.3.x86_64.rpm
    MD5: e1fe9674e517416e3260fdbe2a842fe7
    SHA-256: 3fb04de5fda81e6d6977fb9144801c6a9d30b85ee5e9ee4fdc0244aae3e79967
    Size: 59.98 kB
  3. libgs-9.25-2.el7.3.x86_64.rpm
    MD5: a0ee8e68464c2f472696ed0bbf71bc1d
    SHA-256: 3cdc6f2ab3e3ad4cdec746270679b8b8aa508fbf454c80f78cd496f400d68bd7
    Size: 4.58 MB
  4. libgs-devel-9.25-2.el7.3.x86_64.rpm
    MD5: db1434a71c24d0e98c8491c621bd3236
    SHA-256: 9491df5be61c88bc8333e580a3e407f2eb6f612d126bbc70399d76efd4598a00
    Size: 55.97 kB
  5. ghostscript-9.25-2.el7.3.i686.rpm
    MD5: ae4aca2bd5bddd9d5dd9143d3eb500eb
    SHA-256: 43ff852219e82b6d5435e8b704c07ef0e496ccb42af62e8a0c2380c03f657646
    Size: 110.81 kB
  6. libgs-9.25-2.el7.3.i686.rpm
    MD5: 10b855332dbf76601b3bcbc6fff1c450
    SHA-256: 2db7fda5e447a265301b0a7c67cb839202bce844476d448b83691688c55910c8
    Size: 4.58 MB
  7. libgs-devel-9.25-2.el7.3.i686.rpm
    MD5: 9f11da9029532d25d49d9397bf151969
    SHA-256: e334524f6a90057d40b5bac6e7a1d43729b1643367d1fc6e1552d4ae86d129f3
    Size: 56.02 kB