ghostscript: CVE-2019-14811, CVE-2019-14817 - linux/poky.git

diff options

author	Stefan Ghinea <stefan.ghinea@windriver.com>	2019-09-10 09:34:12 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-16 23:02:44 +0100
commit	7f87451e6ea28cb028598e5358387d2c06e291a9 (patch)
tree	143eb226c481418dcc1bbb4f4724a8e7249d3712 /meta/recipes-devtools
parent	7920994ba885f6ffbf4f152ff6369a714775b9e0 (diff)
download	poky-7f87451e6ea28cb028598e5358387d2c06e291a9.tar.gz

ghostscript: CVE-2019-14811, CVE-2019-14817

A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. References: https://nvd.nist.gov/vuln/detail/CVE-2019-14811 https://nvd.nist.gov/vuln/detail/CVE-2019-14817 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 (From OE-Core rev: 1533b92848ea73d6fe6ba22d87d7b6749b47842c) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: