公告ID: KYLIN-2019-10216
安全等级: 重要
产品: Kylin V3
发布日期: 2019年8月12日
CVE: CVE-2019-10216
CVSS3评分: 7.3
概述:
None 描述:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. 系统版本:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
受影响包列表:
ghostscript
ghostscript
ghostscript-9.25-2.el7_7.1
ghostscript-9.25-2.el8_0.2
ghostscript-9.25-2.el8_0.2