[manjaro-security] [ASA-202109-3] ghostscript: arbitrary command execution
Jonas Witschel via arch-security
arch-security at lists.archlinux.org
Wed Sep 15 10:48:19 CEST 2021
Arch Linux Security Advisory ASA-202109-3
=========================================
Severity: High
Date : 2021-09-14
CVE-ID : CVE-2021-3781
Package : ghostscript
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-2374
Summary
=======
The package ghostscript before version 9.54.0-3 is vulnerable to
arbitrary command execution.
Resolution
==========
Upgrade to 9.54.0-3.
# pacman -Syu "ghostscript>=9.54.0-3"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
None.
Description
===========
A trivial sandbox (enabled with the -dSAFER option) escape security
issue was found in the ghostscript interpreter by injecting a specially
crafted pipe command. This flaw allows a specially crafted document to
execute arbitrary commands on the system in the context of the
ghostscript interpreter.
Impact
======
An attacker could execute arbitrary commands through crafted documents,
bypassing the interpreter's sandbox.
References
==========
https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://twitter.com/emil_lerner/status/1430502815181463559
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
https://security.archlinux.org/CVE-2021-3781
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20210915/66670fd5/attachment.sig>
More information about the manjaro-security
mailing list