Date: Thu, 27 Apr 2017 17:46:51 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE-2017-8291 ghostscript remote code execution Hi, Canonical has reported CVE-2017-8291 to ghostscript, a ghostscript code execution with -dSAFER to the ghostscript team. With PS/EPS being processed also from the network with -dSAFER, this would count for remote code execution. The ghostscript bug is https://bugs.ghostscript.com/show_bug.cgi?id=697808 and had some more comments but was made private a bit after I last accessed it. I captured the first comment at least in our bug. https://bugzilla.suse.com/show_bug.cgi?id=1036453 The problem is I think around a type confusion in the rsdparams command. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.