An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

References:
https://seclists.org/oss-sec/2018/q3/228
https://seclists.org/oss-sec/2018/q3/229
https://seclists.org/oss-sec/2018/q3/233

Upstream Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24db
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b7
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 1627960]
Statement: This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2018:3834 https://access.redhat.com/errata/RHSA-2018:3834
Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509: https://access.redhat.com/security/cve/cve-2018-16509