Arch Linux alert ASA-202109-3 (ghostscript)
| From: | Jonas Witschel via arch-security <arch-security@lists.archlinux.org> | |
| To: | arch-security@lists.archlinux.org | |
| Subject: | [ASA-202109-3] ghostscript: arbitrary command execution | |
| Date: | Wed, 15 Sep 2021 10:48:19 +0200 | |
| Message-ID: | <20210915084819.upw6dvzvk5oyfj3a@archlinux.org> | |
| Cc: | Jonas Witschel <diabonas@archlinux.org> |
Arch Linux Security Advisory ASA-202109-3 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-3781 Package : ghostscript Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2374 Summary ======= The package ghostscript before version 9.54.0-3 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 9.54.0-3. # pacman -Syu "ghostscript>=9.54.0-3" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A trivial sandbox (enabled with the -dSAFER option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. Impact ====== An attacker could execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://bugs.ghostscript.com/show_bug.cgi?id=704342 https://twitter.com/emil_lerner/status/1430502815181463559 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;... https://security.archlinux.org/CVE-2021-3781