MGASA-2019-0130 Updated ghostscript packages fix security vulnerability

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...

ALPINE-CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

DEBIAN-CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

Design/Logic Flaw

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:0718-1)

This update for ghostscript fixes the following issue : Security issue fixed : CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER bsc1129186. Note that Tenable...

ghostscript: forceput in DefineResource is still accessible (700576)

It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

ghostscript security and bug fix update

9.07-31.el76.10 - Resolves: 1673915 - ghostscript: Regression: double comment chars '%' in gsinit.ps leading to missing metadata - Resolves: 1678171 - CVE-2019-3835 ghostscript: superexec operator is available 700585 - Resolves: 1680025 - CVE-2019-3838 ghostscript: forceput in DefineResource is...

The vulnerability of the 1Policy procedure (the “forceput” version of the procedure) for software that processes, transforms, and generates Ghostscript documents involves a possibility to bypass the environment for secure execution. This allows a perpetrator to execute arbitrary code.

The vulnerability of the 1Policy procedure the “forceput” version of the procedure in the software for processing, transforming, and generating Ghostscript documents is related to the possibility of circumventing the environment for secure execution, even when the -dSAFER option is used. Exploiti...

Ubuntu Ghostscript Failed Fix

Ubuntu: incomplete fix for CVE-2018-16510 This Ubuntu advisory claims to fix CVE-2018-16510: https://usn.ubuntu.com/3768-1/ That does not appear to be true. The root cause of CVE-2018-16510 was that a bunch of procedures were in userdict that should have been executeonly, but were not. In...

Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix many bugs and security vulnerabilities: Bypassing executeonly to escape -dSAFER sandbox. CVE-2018-17961 Saved execution stacks can leak operator arrays. CVE-2018-18073 1Policy operator gives access to .forceput. CVE-2018-18284...