Ghostscriptí§Òâ´úÂëÖ´ÐÐÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-24

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6116£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ £¬£¬ CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬ £¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º

Ghostscript 9.26¼°¸üÔç°æ±¾¶¼ÊÜÓ°Ïì


Îó²î¸ÅÊö


GhostscriptÊÇÒ»Ì×½¨»ùÓÚAdobe¡¢PostScript¼°¿ÉÒÆÖ²ÎĵµÃûÌã¨PDF£©µÄÒ³ÃæÐÎòÓïÑԵȶø±àÒë³ÉµÄÃâ·ÑÈí¼þ¡£ ¡£¡£¡£¡£


Google Project Zero Ðû²¼ GhostscriptÎó²îÔ¤¾¯£¬ £¬£¬Ô¶¶Ë¹¥»÷Õß¿ÉʹÓÃÎó²îÔÚÄ¿µÄϵͳִÐÐí§Òâ´úÂë¼°ÈƹýÇå¾²ÏÞÖÆ¡£ ¡£¡£¡£¡£µ±Î±ÔËËã·ûÍÆËÍ×Ó³ÌÐòʱ£¬ £¬£¬ghostscript¿ÉÄÜ»á×ß©²Ù×÷Êý¿ÍÕ»ÉϵÄÃô¸ÐÔËËã·û¡£ ¡£¡£¡£¡£ÌØÖƵÄPostScriptÎļþ¿ÉÒÔʹÓôËȱÏÝÀ´×ªÒå-dSAFER±£»£» £»¤£¬ £¬£¬ÒÔ±ãÀýÈç¿ÉÒÔ»á¼ûÎļþϵͳ²¢Ö´ÐÐÏÂÁî¡£ ¡£¡£¡£¡£


Îó²îʹÓÃ


    ÏÖÔÚÒÑÓÐEXP: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2.


ÐÞ¸´½¨Òé


Èí¼þ¹©Ó¦ÉÌÒÑÌṩ²¹¶¡³ÌÐò£¬ £¬£¬ÇëÉý¼¶µ½9.26°æ±¾£ºhttps://www.ghostscript.com/documentation.html¡£ ¡£¡£¡£¡£

RedHatÐÞ¸´½¨Ò飺https://access.redhat.com/security/cve/cve-2019-6116¡£ ¡£¡£¡£¡£

UbuntuÐÞ¸´½¨Ò飺https://usn.ubuntu.com/3866-1/¡£ ¡£¡£¡£¡£

ImageMagick Óõ½ÁËGhostscript Ïà¹Ø³ÌÐò£¬ £¬£¬Ò²Êܵ½´ËÎó²îÓ°Ï죬 £¬£¬ºóÐø»á¸ú×Ù¡£ ¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://usn.ubuntu.com/3866-1/

https://access.redhat.com/security/cve/cve-2019-6116

https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2

https://www.ghostscript.com/documentation.html