1 |
type: security |
2 |
subject: Updated ghostscript packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2019-3835 |
5 |
- CVE-2019-3838 |
6 |
src: |
7 |
6: |
8 |
core: |
9 |
- ghostscript-9.26-1.3.mga6 |
10 |
description: | |
11 |
It was found that the superexec operator was available in the internal |
12 |
dictionary. A specially crafted PostScript file could use this flaw in |
13 |
order to, for example, have access to the file system outside of the |
14 |
constrains imposed by -dSAFER. (CVE-2019-3835) |
15 |
|
16 |
It was found that the forceput operator could be extracted from the |
17 |
DefineResource method using methods similar to the ones described in |
18 |
CVE-2019-6116. A specially crafted PostScript file could use this flaw in |
19 |
order to, for example, have access to the file system outside of the |
20 |
constraints imposed by -dSAFER. (CVE-2019-3838) |
21 |
references: |
22 |
- https://bugs.mageia.org/show_bug.cgi?id=24548 |
23 |
- https://www.openwall.com/lists/oss-security/2019/03/21/1 |
24 |
- https://access.redhat.com/errata/RHSA-2019:0633 |
25 |
ID: MGASA-2019-0130 |