ghostscript-8.70-24.AXS4.2
エラータID: AXSA:2018-3430:01
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509)
Asianux would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.
CVE-2018-16509
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Update packages.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
N/A
SRPMS
- ghostscript-8.70-24.AXS4.2.src.rpm
MD5: 121ee6d7c3433e174e2e81a13f56dc7c
SHA-256: 087ecdffa52a8c330802b838e69ace70f2d37267ef56c6bc9a10cf7be9f82c3a
Size: 12.19 MB
Asianux Server 4 for x86
- ghostscript-8.70-24.AXS4.2.i686.rpm
MD5: 8e6e1430a304c47a0729dfe7f8d2e5b1
SHA-256: e36296fc55b4655f81a2408361de5f26c563951bc6fb4e3b4110d5f6af4ae69e
Size: 4.46 MB
Asianux Server 4 for x86_64
- ghostscript-8.70-24.AXS4.2.x86_64.rpm
MD5: 939b666f7f9c824867a3100ad201e924
SHA-256: f02c80bcadbd443963d380459625965bab4fa86db0c50e2e6b19348a55de7829
Size: 4.42 MB - ghostscript-8.70-24.AXS4.2.i686.rpm
MD5: 8e6e1430a304c47a0729dfe7f8d2e5b1
SHA-256: e36296fc55b4655f81a2408361de5f26c563951bc6fb4e3b4110d5f6af4ae69e
Size: 4.46 MB
日本語