crp
Posted July 9, 2024

There is a nasty flaw that can lead to an RCE,
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

Quote
"This vulnerability has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood."

and when they say other services, they are not talking about web applications but on machine applications and routines.

securitybreach
Posted July 9, 2024

Quote
While the Ghostscript development team patched the security flaw in May, Codean Labs published a write-up with technical details and proof-of-concept exploit code two months later.
https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/

This was patched in May when it was originally found.

securitybreach
Posted July 9, 2024

Also, more info:

Quote
"If you have ghostscript *anywhere* in your production services, you are probably vulnerable to a shockingly trivial remote shell execution, and you should upgrade it or remove it from your production systems," developer Bill Mill warned.

"The best mitigation against this vulnerability is to update your installation of Ghostscript to v10.03.1. If your distribution does not provide the latest Ghostscript version, it might still have released a patch version containing a fix for this vulnerability (e.g., Debian, Ubuntu, Fedora)," Codean Labs added.

One year ago, the Ghostscript developers patched another critical RCE flaw (CVE-2023-36664) also triggered by opening maliciously crafted files on unpatched systems.

securitybreach
Posted July 9, 2024

On Arch:

    Cerberus :: ~ » pacman -Qi ghostscript
    Name : ghostscript
    Version : 10.03.1-1
    ..........................
    Build Date : Sun 19 May 2024 02:33:25 PM CDT
    Install Date : Sat 25 May 2024 09:17:03 AM CDT

Cluttermagnet
Posted August 17, 2024

What Terminal query could I use in Linux Mint to find out what version of ghostscript is on my system? Somehow I don't think I'm likely vulnerable in this way... but never hurts to check.

Edited August 17, 2024 by Cluttermagnet

sunrat
Posted August 17, 2024

@Cluttermagnet

    apt list ghostscript

should show installed and any other available versions

    apt policy ghostscript

will give a bit more info

Cluttermagnet
Posted August 17, 2024

Thanks! Well, it looks like I have version 9.50.

    Installed: 9.50~dfsg-5ubuntu4.13

I doubt I have anything to worry about. But I don't have version 10...

Edited August 17, 2024 by Cluttermagnet

securitybreach
Posted August 17, 2024

Going by this, it was patched
https://forums.linuxmint.com/viewtopic.php?t=424119

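The version check discussed in this thread, as an added example that is not from any of the posters: it compares the upstream part of a package version with the fixed release named in the Codean Labs quote (10.03.1) and treats an older upstream number as "check the distribution's advisory" rather than "vulnerable", since distributions may ship a patched older build. The function names and result labels are made up for illustration, and `sort -V` from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example. FIXED_UPSTREAM is the release named in the Codean Labs quote;
# function names and result labels are hypothetical.
FIXED_UPSTREAM="10.03.1"

# Reduce a package version to its upstream part:
#   "9.50~dfsg-5ubuntu4.13" -> "9.50",  "10.03.1-1" -> "10.03.1"
upstream_part() {
    v=${1#*:}          # drop a Debian-style epoch such as "1:"
    v=${v%%[~+-]*}     # drop distro suffixes starting at ~, + or -
    printf '%s\n' "$v"
}

# Print one of: fixed-upstream | check-distro-advisory | unknown
classify_gs_version() {
    up=$(upstream_part "$1")
    case $up in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;   # not a dotted number
    esac
    # Version-sort both strings; the first line is the older of the two.
    lowest=$(printf '%s\n%s\n' "$FIXED_UPSTREAM" "$up" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_UPSTREAM" ]; then
        echo "fixed-upstream"          # upstream release already has the fix
    else
        # Older upstream number: only the distro's changelog or advisory
        # can say whether the fix was backported into this build.
        echo "check-distro-advisory"
    fi
}

# Version strings as posted in the thread (Arch and Linux Mint).
for sample in "10.03.1-1" "9.50~dfsg-5ubuntu4.13"; do
    echo "$sample: $(classify_gs_version "$sample")"
done

# If gs is on PATH, classify the locally installed build as well.
if command -v gs >/dev/null 2>&1; then
    echo "installed gs: $(classify_gs_version "$(gs --version)")"
fi
```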