SB2019081379 - Permissions, Privileges, and Access Controls in ghostscript (Alpine package)
Published: August 13, 2019
Updated: July 18, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10216)
The vulnerability allows a remote attacker to access arbitrary files on the system.
The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions, and access arbitrary files on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0c7e5ec71b97782eda0a281b09ddabdaba26f848
- https://git.alpinelinux.org/aports/commit/?id=356973950eee8c184c404d8ef97eec75452d8d90
- https://git.alpinelinux.org/aports/commit/?id=c84cb29b4169cd22777801ff1af201b4c2e730d9
- https://git.alpinelinux.org/aports/commit/?id=572bfae1715027763d93986dca4f15179a78f8d6
- https://git.alpinelinux.org/aports/commit/?id=ee8b04b44683cef9674d15880a2ff533d01e36b4