SB2018090423 - Improper input validation in ghostscript (Alpine package)
Published: September 4, 2018
Security Bulletin ID
SB2018090423
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-15908)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the bypass of the -dSAFER option. A remote unauthenticated attacker can submit a specially crafted PostScript file, bypass .tempfile restrictions and write files on the targeted system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0c81d393f55e12aad1694ac3ee4ed2b865527f6f
- https://git.alpinelinux.org/aports/commit/?id=5e753b12c86f19cc249a631482ee1a4a739e45aa
- https://git.alpinelinux.org/aports/commit/?id=646b9a7b6b94e05cb166f6a084a22fe8f03264fb
- https://git.alpinelinux.org/aports/commit/?id=c13758613f3110e14c2e9eda818406f235d996c1
- https://git.alpinelinux.org/aports/commit/?id=dd646650fecf6b0d42ffc26eed4a6da53a6040e5