ASA-202109-3 log generated external raw

[ASA-202109-3] ghostscript: arbitrary command execution
Arch Linux Security Advisory ASA-202109-3 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-3781 Package : ghostscript Type : arbitrary command execution Remote : Yes Link : Summary ======= The package ghostscript before version 9.54.0-3 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 9.54.0-3. # pacman -Syu "ghostscript>=9.54.0-3" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A trivial sandbox (enabled with the -dSAFER option) escape security issue was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. Impact ====== An attacker could execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox. References ==========;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20