It was found that getenv and filenameforall ignore -dSAFER possibly allowing filesystem enumeration.

Upstream bug:
http://bugs.ghostscript.com/show_bug.cgi?id=694724

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8

Reference:
http://seclists.org/oss-sec/2016/q3/651

Reproducer:

%!PS
(HOME) getenv { print (\n) print } { (variable not found\n) print } ifelse
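
A way to check whether an installed gs honors -dSAFER for getenv, using the reproducer above. This is an added example, not part of the original report or of Ghostscript; the function names, the extra gs options (-q -dNODISPLAY -dBATCH -dNOPAUSE) and the assumption that a fixed build takes the reproducer's "variable not found" branch are mine.

```shell
#!/bin/sh
# Added example: verify that a Ghostscript build honors -dSAFER for getenv.
# Function names are hypothetical. Assumption: a fixed build takes the
# reproducer's "variable not found" branch when run with -dSAFER.

# $1 = output of the reproducer, $2 = the real value of HOME.
classify_getenv_output() {
    out=$1
    home=$2
    # With HOME unset, "variable not found" proves nothing, so do not judge.
    if [ -z "$home" ]; then
        echo "inconclusive"
        return 0
    fi
    case $out in
        *"$home"*)              echo "exposed" ;;      # getenv ignored -dSAFER
        *"variable not found"*) echo "blocked" ;;      # getenv refused the lookup
        *)                      echo "inconclusive" ;; # error or unexpected output
    esac
}

# Write the reproducer to a temp file, run it under -dSAFER, classify the result.
check_gs_safer_getenv() {
    if ! command -v gs >/dev/null 2>&1; then
        echo "gs-not-installed"
        return 0
    fi
    ps=$(mktemp) || return 1
    # %s keeps the backslashes literal, so PostScript sees (\n) unchanged.
    printf '%s\n' '%!PS' \
        '(HOME) getenv { print (\n) print } { (variable not found\n) print } ifelse' \
        >"$ps"
    result=$(gs -q -dSAFER -dNODISPLAY -dBATCH -dNOPAUSE "$ps" 2>&1 || true)
    rm -f "$ps"
    classify_getenv_output "$result" "${HOME:-}"
}

# Run the live check only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_gs_safer_getenv
fi
```

A result of "exposed" on a host that should carry the errata listed below means the running gs binary is not the fixed package.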
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 1390486]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:0014 https://rhn.redhat.com/errata/RHSA-2017-0014.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:0013 https://rhn.redhat.com/errata/RHSA-2017-0013.html