Subject: [ASA-201911-5] ghostscript: sandbox escape Arch Linux Security Advisory ASA-201911-5 ========================================= Severity: High Date : 2019-11-03 CVE-ID : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 Package : ghostscript Type : sandbox escape Remote : No Link : https://security.archlinux.org/AVG-1031 Summary ======= The package ghostscript before version 9.50-1 is vulnerable to sandbox escape. Resolution ========== Upgrade to 9.50-1. # pacman -Syu "ghostscript>=9.50-1" The problems have been fixed upstream in version 9.50. Workaround ========== None. Description =========== - CVE-2019-14811 (sandbox escape) Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator. - CVE-2019-14812 (sandbox escape) Safer Mode Bypass by .forceput Exposure in setuserparams - CVE-2019-14813 (sandbox escape) Safer Mode Bypass by .forceput Exposure in setsystemparams - CVE-2019-14817 (sandbox escape) Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures. Impact ====== An attacker is able to escape the sandbox provided by ghostscript. References ========== https://marc.info/?l=oss-security&m=156699539604858 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 https://security.archlinux.org/CVE-2019-14811 https://security.archlinux.org/CVE-2019-14812 https://security.archlinux.org/CVE-2019-14813 https://security.archlinux.org/CVE-2019-14817