MGASA-2019-0236

Source
https://advisories.mageia.org/MGASA-2019-0236.html
Import Source
https://advisories.mageia.org/MGASA-2019-0236.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0236
Published
2019-08-31T13:22:36Z
Modified
2019-08-31T12:33:24Z
Summary
Updated ghostscript packages fix security vulnerability
Details

Updated ghostscript packages fix security vulnerability:

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas (CVE-2019-10216).

Also, the Mageia 7 update fixes a bounding box issue that affects klatexformula (mga#24866).

Affected packages

Mageia:7 / ghostscript

Package

Name
ghostscript
Purl
pkg:rpm/mageia/ghostscript?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / ghostscript

Package

Name
ghostscript
Purl
pkg:rpm/mageia/ghostscript?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.26-1.5.mga6

Ecosystem specific

{
    "section": "core"
}