I'm sure you are all keeping up to date with fixing vulnerabilities,
so I won't detail today's update to texlive source, or the other
security fixes in the past few days, but exceptionally I'm going to
mention the update to ghostscript which I've just committed.

For gs-9.25, apply the ghostscript-9.25-security_fixes-1.patch which
is in lfs patches, and should be directly linked from the book when
it is next rendered.

The reason I'm mentioning this is that a reasonably-benign proof of
concept is available, as well as others, and can be triggered by
opening malicious PostScript files.  In particular, opening in gimp
and evince (known to be possible with gs-9.24) and probably several
others.  The vulnerability applies to all versions of ghostscript
that are likely to still be in use, although the patch probably only
applies to 9.25.

ĸen
-- 
                        Is it about a bicycle ?
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
