GhostscriptËÁÒâ´úÂëÖ´Ðзì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-01-24

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6116£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬¹Ù·½Î´ÆÀ¶¨


Ó°ÏìÁìÓò


ÊÜÓ°Ïì°æ±¾£º

Ghostscript 9.26¼°¸üÔç°æ±¾¶¼ÊÜÓ°Ïì


·ì϶¸ÅÊö


GhostscriptÊÇÒ»Ì×½¨»ùÓÚAdobe¡¢PostScript¼°¿ÉÒÆÖ²ÎĵµÌåʽ£¨PDF£©µÄÒ³ÃæÃèÊöÓïÑԵȶø±àÒë³ÉµÄÃâ·ÑÈí¼þ¡£


Google Project Zero °ä²¼ Ghostscript·ì϶Ԥ¾¯£¬Ô¶¶Ë¹¥»÷Õß¿ÉÀûÓ÷ì϶ÔÚÖ¸±êϵͳִÐÐËÁÒâ´úÂë¼°Èƹý°²È«Ï޶ȡ£µ±Î±ÔËËã·ûÍÆËÍ×Ó·¨Ê½Ê±£¬ghostscript¿ÉÄÜ»áй©²Ù×÷Êý²Ö¿âÉϵÄÃô¸ÐÔËËã·û¡£ÌØÔìµÄPostScriptÎļþÄܹ»Ê¹ÓôËȱµãÀ´×ªÒå-dSAFER±£»¤£¬ÒÔ±ãÀýÈçÄܹ»½Ó¼ûÎļþϵͳ²¢Ö´ÐкÅÁî¡£


·ì϶ÀûÓÃ


    Ä¿Ç°ÒÑÓÐEXP: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2.


½¨¸´½¨Òé


Èí¼þ¹©¸øÉÌÒÑÌṩ²¹¶¡·¨Ê½£¬ÇëÉý¼¶µ½9.26°æ±¾£ºhttps://www.ghostscript.com/documentation.html¡£

RedHat½¨¸´½¨Ò飺https://access.redhat.com/security/cve/cve-2019-6116¡£

Ubuntu½¨¸´½¨Ò飺https://usn.ubuntu.com/3866-1/¡£

ImageMagick Óõ½ÁËGhostscript Óйط¨Ê½£¬Ò²Êܵ½´Ë·ì϶ӰÏ죬ºóÐø»á¸ú×Ù¡£


²Î¿¼Á´½Ó


https://usn.ubuntu.com/3866-1/

https://access.redhat.com/security/cve/cve-2019-6116

https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2

https://www.ghostscript.com/documentation.html