Package ghostscript updated to version 9.54.0-alt3 for branch p10 in task 285079.

Published: 2022-02-16
Modified: 2024-11-21

CVE-2021-3781

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Severity: CRITICAL (9.9) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://ghostscript.com/CVE-2021-3781.html
https://ghostscript.com/CVE-2021-3781.html
GLSA-202211-11
GLSA-202211-11

Файл из PFB в PFА не конвертируется

Version: 2.1.0

Package ghostscript update in p10 on 2021-09-16

ALT-PU-2021-2808-1

Closed vulnerabilities

CVE-2021-3781

Closed bugs

Bug #40817