ghostscript-9.25-2.el7.2

エラータID: AXSA:2019-4296:03

リリース日: 
2019/09/19 Thursday - 08:48
題名: 
ghostscript-9.25-2.el7.2
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- 現時点では CVE-2019-14811,CVE-2019-14812,
CVE-2019-14813,CVE-2019-14817 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14812
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. ghostscript-9.25-2.el7.2.src.rpm
    MD5: 16be7bdbcbec733dc5e5de9c2f827aed
    SHA-256: 151b80449995b39147544a3d7c99b90fd765e08c27dfc0df7726bba4146b203e
    Size: 31.64 MB

Asianux Server 7 for x86_64
  1. ghostscript-9.25-2.el7.2.x86_64.rpm
    MD5: 14bc23696e41de3c860c6685a06d3ba1
    SHA-256: 5773ca1f07f51d9c80d818d24c04675b82f9d2332f8e99e317d9a24db8a349fc
    Size: 110.56 kB
  2. ghostscript-cups-9.25-2.el7.2.x86_64.rpm
    MD5: 01648c3abef593e1a52edab73e1405e3
    SHA-256: 3685dc03f1da465a4e29ee738b85f9115ded26c2111a1bb828ca827bd249e5f1
    Size: 59.86 kB
  3. libgs-9.25-2.el7.2.x86_64.rpm
    MD5: e4c26d7eb7868c31b9e84b5e9e0987ac
    SHA-256: 8796e3e39a157aa2e107475ecfccfc6343f401f3864693a4be5c2ef8eaa9c4ab
    Size: 4.58 MB
  4. libgs-devel-9.25-2.el7.2.x86_64.rpm
    MD5: 597df0273b5c4efd4e6b948546a73d94
    SHA-256: 4c20b34310bb3b9f6e0a19e762709740d644f09378fb7a7511591d4e5240b11e
    Size: 55.86 kB
  5. ghostscript-9.25-2.el7.2.i686.rpm
    MD5: 042b39c81ee681e20db3fb39a5629b6e
    SHA-256: 94e154644c4c91d9ef47110a844ba1c38218012f49cb17ad3d192357d9dcaeda
    Size: 110.69 kB
  6. libgs-9.25-2.el7.2.i686.rpm
    MD5: a499ed2cfd2f7d76712b6daa601783d7
    SHA-256: 6d1e7734a9e8a5042d773226c90a9ab64aa8a4e3c68d0316d39e3589a1ae1fcc
    Size: 4.58 MB
  7. libgs-devel-9.25-2.el7.2.i686.rpm
    MD5: 2ae54accf749f1d1afc7739080221717
    SHA-256: 408c93cb84195ab7723477b928f8019bd08783933ab7923cfb88ccb38e0bbbc9
    Size: 55.90 kB