Fedora Account System
Red Hat Associate
Red Hat Customer
The superexec operator is available via either systemdict or internaldict, depending on ghostscript version. An attacker could use this flaw to bypass -dSAFER restrictions and, for example, have access to the file system outside of the designated restricted directories.
External References: https://bugs.ghostscript.com/show_bug.cgi?id=700585
Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Upstream fixes: * Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 * Bug 700585: Obliterate "superexec". We don't need it, nor do any known apps. http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6
Acknowledgments: Name: Cedric Buissart (Red Hat)
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1691327]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0633 https://access.redhat.com/errata/RHSA-2019:0633
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:0971 https://access.redhat.com/errata/RHSA-2019:0971