Posted

There is a nasty flaw that can lead to an RCE:

 

https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

 

Quote

"This vulnerability has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood."

And when they say other services, they are not talking about web applications but on machine applications and routines.

securitybreach
Posted

Also, more info:

 

Quote

"If you have ghostscript *anywhere* in your production services, you are probably vulnerable to a shockingly trivial remote shell execution, and you should upgrade it or remove it from your production systems," developer Bill Mill warned.

 

"The best mitigation against this vulnerability is to update your installation of Ghostscript to v10.03.1. If your distribution does not provide the latest Ghostscript version, it might still have released a patch version containing a fix for this vulnerability (e.g., Debian, Ubuntu, Fedora)," Codean Labs added.

 

One year ago, the Ghostscript developers patched another critical RCE flaw (CVE-2023-36664) also triggered by opening maliciously crafted files on unpatched systems.

 

securitybreach
Posted

On Arch:

 

Cerberus :: ~ » pacman -Qi ghostscript
Name            : ghostscript
Version         : 10.03.1-1
..........................
Build Date      : Sun 19 May 2024 02:33:25 PM CDT
Install Date    : Sat 25 May 2024 09:17:03 AM CDT


 

  • 1 month later...
Cluttermagnet
Posted (edited)

What Terminal query could I use in Linux Mint to find out what version of ghostscript is on my system?

Somehow I don't think I'm likely vulnerable in this way... but never hurts to check.

 

Edited by Cluttermagnet
Posted

@Cluttermagnet

apt list ghostscript

 

should show installed and any other available versions

apt policy ghostscript

will give a bit more info

Cluttermagnet
Posted (edited)

Thanks! Well, it looks like I have version 9.50.

 

  Installed: 9.50~dfsg-5ubuntu4.13

I doubt I have anything to worry about. But I don't have version 10...

 

Edited by Cluttermagnet
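
The version checks discussed above, as an added example that is not part of the original thread: a small shell helper that reduces a package version string to its upstream part and compares it with 10.03.1, the release the quoted advisory says to update to. The function names and result labels are made up for this example, and GNU `sort -V` is assumed. A lower version is reported as "check the distro advisory" rather than "vulnerable", because the same quote notes that distributions may ship a patched older package.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU `sort -V` is available.
FIXED_UPSTREAM="10.03.1"   # release the quoted advisory says to update to

# Reduce a package version to its upstream part:
#   "10.03.1-1" -> "10.03.1",  "9.50~dfsg-5ubuntu4.13" -> "9.50"
upstream_version() {
    v=${1#*:}          # drop a Debian-style epoch ("1:") if present
    v=${v%%[-+~]*}     # drop the packaging suffix after the first -, + or ~
    printf '%s\n' "$v"
}

# True when $1 >= $2 in version order.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print one of: at-or-above-fix | below-fix-check-distro-advisory | unknown
gs_status() {
    up=$(upstream_version "$1")
    case $up in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_ge "$up" "$FIXED_UPSTREAM"; then
        echo "at-or-above-fix"
    else
        # Not proof of exposure: a distro may ship the fix in a patched older package.
        echo "below-fix-check-distro-advisory"
    fi
}

# Classify version strings given as arguments (e.g. the Installed: value
# from `apt policy ghostscript`), or the local `gs` binary when none are given.
if [ "$#" -gt 0 ]; then
    for v in "$@"; do printf '%s\t%s\n' "$v" "$(gs_status "$v")"; done
elif command -v gs >/dev/null 2>&1; then
    v=$(gs --version 2>/dev/null)
    printf '%s\t%s\n' "$v" "$(gs_status "$v")"
fi
```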
