[manjaro-security] [ASA-201911-5] ghostscript: sandbox escape
Christian Rebischke
Chris.Rebischke at archlinux.org
Mon Nov 4 20:32:51 CET 2019
Arch Linux Security Advisory ASA-201911-5
=========================================
Severity: High
Date : 2019-11-03
CVE-ID : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817
Package : ghostscript
Type : sandbox escape
Remote : No
Link : https://security.archlinux.org/AVG-1031
Summary
=======
The package ghostscript before version 9.50-1 is vulnerable to sandbox
escape.
Resolution
==========
Upgrade to 9.50-1.
# pacman -Syu "ghostscript>=9.50-1"
The problems have been fixed upstream in version 9.50.
Workaround
==========
None.
Description
===========
- CVE-2019-14811 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.
- CVE-2019-14812 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in setuserparams
- CVE-2019-14813 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in setsystemparams
- CVE-2019-14817 (sandbox escape)
Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other
procedures.
Impact
======
An attacker is able to escape the sandbox provided by ghostscript.
References
==========
https://marc.info/?l=oss-security&m=156699539604858
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
https://security.archlinux.org/CVE-2019-14811
https://security.archlinux.org/CVE-2019-14812
https://security.archlinux.org/CVE-2019-14813
https://security.archlinux.org/CVE-2019-14817
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20191104/99a40cef/attachment.sig>
More information about the manjaro-security
mailing list