Arch Linux update for ghostscript



Published: 2019-04-11 | Updated: 2019-04-21
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-3835
CVE-2019-3838
CVE-2019-6116
CWE-ID CWE-749
CWE-78
CWE-77
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Arch Linux
Operating systems & Components / Operating system

Vendor Arch Linux

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Exposed dangerous method or function

EUVDB-ID: #VU18288

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3835

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due presence of superexec operator within the internal dictionary. A remote attacker can create a specially crafted PDF file, trick the victim into opening, bypass system restrictions of the dSAFER sandbox and access files on the system.

Mitigation

Update the affected package ghostscript to version 9.27-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201904-5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

EUVDB-ID: #VU18055

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3838

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing PostScript files with Ghostscript. A remote attacker can create a specially crafted PDF file, trick the victim to open it and execute arbitrary commands on the affected system.

Mitigation

Update the affected package ghostscript to version 9.27-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201904-5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Command Injection

EUVDB-ID: #VU17230

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6116

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to leak of sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A remote unauthenticated attacker can supply a specially crafted PostScript file to escape the -dSAFER protection, gain access to the file system and execute arbitrary commands.

Mitigation

Update the affected package ghostscript to version 9.27-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201904-5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###