Ghostscriptí§Òâ´úÂëÖ´ÐÐÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-24

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6116£¬ £¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ £¬£¬£¬£¬£¬£¬£¬ CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬ £¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º

Ghostscript 9.26¼°¸üÔç°æ±¾¶¼ÊÜÓ°Ïì


Îó²î¸ÅÊö


GhostscriptÊÇÒ»Ì×½¨»ùÓÚAdobe¡¢PostScript¼°¿ÉÒÆÖ²ÎĵµÃûÌã¨PDF£©µÄÒ³ÃæÐÎòÓïÑԵȶø±àÒë³ÉµÄÃâ·ÑÈí¼þ¡£¡£¡£¡£¡£¡£¡£¡£


Google Project Zero Ðû²¼ GhostscriptÎó²îÔ¤¾¯£¬ £¬£¬£¬£¬£¬£¬£¬Ô¶¶Ë¹¥»÷Õß¿ÉʹÓÃÎó²îÔÚÄ¿µÄϵͳִÐÐí§Òâ´úÂë¼°ÈƹýÇå¾²ÏÞÖÆ¡£¡£¡£¡£¡£¡£¡£¡£µ±Î±ÔËËã·ûÍÆËÍ×Ó³ÌÐòʱ£¬ £¬£¬£¬£¬£¬£¬£¬ghostscript¿ÉÄÜ»á×ß©²Ù×÷Êý¿ÍÕ»ÉϵÄÃô¸ÐÔËËã·û¡£¡£¡£¡£¡£¡£¡£¡£ÌØÖƵÄPostScriptÎļþ¿ÉÒÔʹÓôËȱÏÝÀ´×ªÒå-dSAFER±£»£»£»£»£»£»£»¤£¬ £¬£¬£¬£¬£¬£¬£¬ÒÔ±ãÀýÈç¿ÉÒÔ»á¼ûÎļþϵͳ²¢Ö´ÐÐÏÂÁî¡£¡£¡£¡£¡£¡£¡£¡£


Îó²îʹÓÃ


    ÏÖÔÚÒÑÓÐEXP: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2.


ÐÞ¸´½¨Òé


Èí¼þ¹©Ó¦ÉÌÒÑÌṩ²¹¶¡³ÌÐò£¬ £¬£¬£¬£¬£¬£¬£¬ÇëÉý¼¶µ½9.26°æ±¾£ºhttps://www.ghostscript.com/documentation.html¡£¡£¡£¡£¡£¡£¡£¡£

RedHatÐÞ¸´½¨Ò飺https://access.redhat.com/security/cve/cve-2019-6116¡£¡£¡£¡£¡£¡£¡£¡£

UbuntuÐÞ¸´½¨Ò飺https://usn.ubuntu.com/3866-1/¡£¡£¡£¡£¡£¡£¡£¡£

ImageMagick Óõ½ÁËGhostscript Ïà¹Ø³ÌÐò£¬ £¬£¬£¬£¬£¬£¬£¬Ò²Êܵ½´ËÎó²îÓ°Ï죬 £¬£¬£¬£¬£¬£¬£¬ºóÐø»á¸ú×Ù¡£¡£¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://usn.ubuntu.com/3866-1/

https://access.redhat.com/security/cve/cve-2019-6116

https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2

https://www.ghostscript.com/documentation.html