Hide Forgot
The superexec operator is available via either systemdict or internaldict, depending on ghostscript version. An attacker could use this flaw to bypass -dSAFER restrictions and, for example, have access to the file system outside of the designated restricted directories.
External References: https://bugs.ghostscript.com/show_bug.cgi?id=700585
Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Upstream fixes: * Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 * Bug 700585: Obliterate "superexec". We don't need it, nor do any known apps. http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6
Acknowledgments: Name: Cedric Buissart (Red Hat)
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1691327]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0633 https://access.redhat.com/errata/RHSA-2019:0633
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:0971 https://access.redhat.com/errata/RHSA-2019:0971