GhostscriptËÁÒâ´úÂëÖ´Ðзì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-01-24

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6116£¬£¬£¬£¬ £¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬£¬£¬ £¬ CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬£¬£¬£¬ £¬£¬£¬ £¬¹Ù·½Î´ÆÀ¶¨


Ó°ÏìÁìÓò


ÊÜÓ°Ïì°æ±¾£º

Ghostscript 9.26¼°¸üÔç°æ±¾¶¼ÊÜÓ°Ïì


·ì϶¸ÅÊö


GhostscriptÊÇÒ»Ì×½¨»ùÓÚAdobe¡¢PostScript¼°¿ÉÒÆÖ²ÎĵµÌåʽ£¨PDF£©µÄÒ³ÃæÃèÊöÓïÑԵȶø±àÒë³ÉµÄÃâ·ÑÈí¼þ¡£¡£¡£¡£¡£ ¡£¡£


Google Project Zero °ä²¼ Ghostscript·ì϶Ԥ¾¯£¬£¬£¬£¬ £¬£¬£¬ £¬Ô¶¶Ë¹¥»÷Õß¿ÉÀûÓ÷ì϶ÔÚÖ¸±êϵͳִÐÐËÁÒâ´úÂë¼°Èƹý°²È«Ï޶ȡ£¡£¡£¡£¡£ ¡£¡£µ±Î±ÔËËã·ûÍÆËÍ×Ó·¨Ê½Ê±£¬£¬£¬£¬ £¬£¬£¬ £¬ghostscript¿ÉÄÜ»áй©²Ù×÷Êý²Ö¿âÉϵÄÃô¸ÐÔËËã·û¡£¡£¡£¡£¡£ ¡£¡£ÌØÔìµÄPostScriptÎļþÄܹ»Ê¹ÓôËȱµãÀ´×ªÒå-dSAFER±£» £»£»£»£»¤£¬£¬£¬£¬ £¬£¬£¬ £¬ÒÔ±ãÀýÈçÄܹ»½Ó¼ûÎļþϵͳ²¢Ö´ÐкÅÁî¡£¡£¡£¡£¡£ ¡£¡£


·ì϶ÀûÓÃ


    Ä¿Ç°ÒÑÓÐEXP: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2.


½¨¸´½¨Òé


Èí¼þ¹©¸øÉÌÒÑÌṩ²¹¶¡·¨Ê½£¬£¬£¬£¬ £¬£¬£¬ £¬ÇëÉý¼¶µ½9.26°æ±¾£ºhttps://www.ghostscript.com/documentation.html¡£¡£¡£¡£¡£ ¡£¡£

RedHat½¨¸´½¨Ò飺https://access.redhat.com/security/cve/cve-2019-6116¡£¡£¡£¡£¡£ ¡£¡£

Ubuntu½¨¸´½¨Ò飺https://usn.ubuntu.com/3866-1/¡£¡£¡£¡£¡£ ¡£¡£

ImageMagick Óõ½ÁËGhostscript Óйط¨Ê½£¬£¬£¬£¬ £¬£¬£¬ £¬Ò²Êܵ½´Ë·ì϶ӰÏ죬£¬£¬£¬ £¬£¬£¬ £¬ºóÐø»á¸ú×Ù¡£¡£¡£¡£¡£ ¡£¡£


²Î¿¼Á´½Ó


https://usn.ubuntu.com/3866-1/

https://access.redhat.com/security/cve/cve-2019-6116

https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2

https://www.ghostscript.com/documentation.html