[website] r1500 - in html/trunk/blfs/errata: 9.0 9.0-systemd

Wed, 09 Oct 2019 21:02:26 -0700 

Author: renodr
Date: Wed Oct  9 20:59:06 2019
New Revision: 1500

Log:
Add errata for ghostscript sandbox escape vulnerabilities

Modified:
   html/trunk/blfs/errata/9.0-systemd/index.html
   html/trunk/blfs/errata/9.0/index.html

Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html       Tue Oct  8 10:46:42 
2019        (r1499)
+++ html/trunk/blfs/errata/9.0-systemd/index.html       Wed Oct  9 20:59:06 
2019        (r1500)
@@ -97,6 +97,14 @@
      <a 
href="http://linuxfromscratch.org/patches/downloads/systemd/systemd-241-security_patch-1.patch";>
      systemd-241-security_patch-1.patch</a>.</p>
 
+     <p>After release, four new sandbox/-dSAFER escape vulnerabilities were
+     discovered in Ghostscript. Unless these vulnerabilities are patched,
+     PDF documents can access the filesystem outside of restricted areas
+     and execute arbitrary commands. To fix these vulnerabilities, apply
+     the updated "-2" patch found in
+     <a href="../../view/svn/pst/ghostscript.html">ghostscript-9.27</a>.</p>
+
+
      <h2>Known Security Vulnerabilities</h2>
      
      <p>A few packages are good at reporting that a new

Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html       Tue Oct  8 10:46:42 2019        
(r1499)
+++ html/trunk/blfs/errata/9.0/index.html       Wed Oct  9 20:59:06 2019        
(r1500)
@@ -102,6 +102,13 @@
      instructions in
      <a href="../../view/svn/server/unbound.html">Unbound-1.9.4</a>.</p>
 
+     <p>After release, four new sandbox/-dSAFER escape vulnerabilities were
+     discovered in Ghostscript. Unless these vulnerabilities are patched,
+     PDF documents can access the filesystem outside of restricted areas
+     and execute arbitrary commands. To fix these vulnerabilities, apply
+     the updated "-2" patch found in
+     <a href="../../view/svn/pst/ghostscript.html">ghostscript-9.27</a>.</p>
+
 <!--
      <p>A vulnerability with available exploits in all recent versions of
      ghostscript has been fixed in the development book by patching gs-9.25.
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to