Oracle Linux: CVE-2019-6116: ELSA-2019-0229: ghostscript security and bug fix update (IMPORTANT) (Multiple Advisories)
Description
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints.
Solution(s)
- oracle-linux-upgrade-ghostscript
- oracle-linux-upgrade-ghostscript-cups
- oracle-linux-upgrade-ghostscript-devel
- oracle-linux-upgrade-ghostscript-doc
- oracle-linux-upgrade-ghostscript-gtk
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center