Just when you thought there was a "safe" graphic document format...
CERT says: https://www.kb.cert.org/vuls/id/332928 A similar problem in ghostscript, fixed in 2006: http://seclists.org/oss-sec/2016/q4/29 Tech press says: https://threatpost.com/unpatched-ghostscript-flaws-allow-remote-takeover-of-systems/136800/ Not sure about the "take total control" part unless a payload can trick the user into entering the root password in a bogus dialog on the desktop: Nothing that uses ghostscript /should/ have administrator privileges. Isn't a family of exploits that can do everything the user can do in a terminal bad enough? So until patch, no u view PDF or PS dox from unknown source, untrusted source, or passed thorough insecure network. No reports of exploits in the wild as yet. :o/
signature.asc
Description: OpenPGP digital signature
