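Vulnerability Details
Artifex Ghostscript Security Vulnerability
- CNNVD ID: CNNVD-201809-163
- Severity: High
- CVE ID: CVE-2018-16509
- Vulnerability type: Permissions, privileges, and access control issues
- Published: 2018-09-05
- Threat type: Local
- Updated: 2019-10-23
- Vendor: debian
- Vulnerability source: Tavis Ormandy (tav...
Vulnerability Summary
Artifex Ghostscript is an open-source interpreter for PostScript (a page description and programming language used in the electronics and desktop publishing industries) from Artifex Software, a US company. It can display PostScript files and print PostScript files on non-PostScript printers.
Artifex Ghostscript versions before 9.24 contain a security vulnerability. It arises because the program does not correctly check "restoration of privilege" when handling /invalidaccess exceptions. An attacker can exploit the vulnerability to execute code by submitting crafted PostScript.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: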
https://www.artifex.com/news/ghostscript-security-resolved/
References
Source: MISC
Link: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
Source: DEBIAN
Link: https://www.debian.org/security/2018/dsa-4294
Source: CONFIRM
Link: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764
Source: MISC
Link: http://seclists.org/oss-sec/2018/q3/142
Source: MISC
Link: https://bugs.ghostscript.com/show_bug.cgi?id=699654
Source: MISC
Link: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:3760
Source: BID
Link: http://www.securityfocus.com/bid/105122
Source: MISC
Link: https://www.artifex.com/news/ghostscript-security-resolved/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2018/09/msg00015.HTML
Source: www.kb.cert.org
Link: https://www.kb.cert.org/vuls/id/332928
Source: www.synology.com
Link: https://www.synology.com/en-global/support/security/Synology_SA_18_49
Source: kb.pulsesecure.net
Link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Source: www.oracle.com
Link: https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2018-5142979.HTML
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2018-16509#
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2018-15910
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1619748
Source: seclists.org
Link: https://seclists.org/oss-sec/2018/q3/142
Source: www.ghostscript.com
Link: http://www.ghostscript.com/
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2018-15911
Source: blog.cube-soft.jp
Link: https://blog.cube-soft.jp/?p=1752
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1625832
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1619751
Source: bugs.chromium.org
Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=1640&can=1&q=&sort=-modified%20-id&colspec=ID%20Status%20Owner%20Summary%20Modified%20CVE
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:2918
Source: EXPLOIT-DB
Link: https://www.exploit-db.com/exploits/45369/
Source: MISC
Link: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
Source: GENTOO
Link: https://security.gentoo.org/glsa/201811-12
Source: UBUNTU
Link: https://usn.ubuntu.com/3768-1/
Source: www.nsfocus.net
Link: http://www.nsfocus.net/vulndb/43219
Source: www.securityfocus.com
Link: https://www.securityfocus.com/bid/105122
Affected Entities
- Debian Debian_linux:8.0
- Debian Debian_linux:9.0
Patches
- Remediation for the Artifex Ghostscript security vulnerability