#12398: Ghostscript CVE-2019-10216
-------------------------+-----------------------
Reporter: ken@… | Owner: blfs-book
Type: enhancement | Status: new
Priority: high | Milestone: 9.0
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-----------------------
From Red Hat [https://access.redhat.com/security/cve/cve-2019-10216] (still
shown as 'reserved' at Mitre).

It was found that the .buildfont1 procedure did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An
attacker could abuse this flaw by creating a specially crafted PostScript
file that could escalate privileges and access files outside of restricted
areas.

CVSS3 base rating 7.3 (high)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12398>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch