#12398: Ghostscript CVE-2019-10216
-------------------------+-----------------------
 Reporter:  ken@…        |      Owner:  blfs-book
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:  9.0
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-----------------------
 From redhat [https://access.redhat.com/security/cve/cve-2019-10216] (still
 shown as 'reserved' at Mitre).

 It was found that the .buildfont1 procedure did not properly secure its
 privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An
 attacker could abuse this flaw by creating a specially crafted PostScript
 file that could escalate privileges and access files outside of restricted
 areas.

 CVSS3 base rating 7.3 (high)

 Attack Vector           Network
 Attack Complexity       Low
 Privileges Required     None
 User Interaction        None

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12398>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
