Ghostscriptí§ÒâÎļþ¶ÁдÎó²îÇ徲ͨ¸æ
Ðû²¼Ê±¼ä 2018-10-11Îó²î±àºÅºÍ¼¶±ð
CVE±àºÅ£ºCVE-2018-17961£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
Ó°Ïì°æ±¾
Ghostscript version <= 9.26
Îó²î¸ÅÊö
GhostscriptÊÇAdobe PostScriptºÍPDFµÄÚ¹ÊÍÓïÑÔ£¬£¬£¬£¬£¬£¬Ðí¶àͼƬ´¦Öóͷ£¿â¾ùÓÐÒýÓ㬣¬£¬£¬£¬£¬³£¼ûµÄÓÐ ImageMagick¡¢Python-Matplotlib¡¢Latex2htmlµÈ¡£¡£¡£¡£¡£

Îó²îµ¼ÖÂËùÓÐÒýÓÃghostscriptµÄÉÏÓÎÓ¦ÓÃÊܵ½Ó°Ïì¡£¡£¡£¡£¡£ ³£¼ûÓ¦ÓÃÈçÏ£º
Imagemagick¡¢libmagick¡¢graphicsmagick¡¢gimp¡¢python-matplotlib¡¢texlive-core¡¢texmacs¡¢latex2html¡¢latex2rtfµÈ
Îó²îÑéÖ¤
¹Ù·½¶Ô.forceputµÄʹÓÃÏÈÈÝ£¬£¬£¬£¬£¬£¬Äܹ»Ç¿ÖƸüÐÂdictÖеÄÖµ¡£¡£¡£¡£¡£Õâ´ÎµÄÎó²îÖ÷ÒªÔµ¹ÊÔÓÉÒ²¾ÍÊÇÔÚ´¥·¢¹ýʧµÄʱ¼äÓÉÓڽṹ³ö.forceputÁô±£´æÕ»ÖУ¬£¬£¬£¬£¬£¬È»ºó±»×¢²á³ÉÏÂÁîforceput½ø¶ø¶Ôsystemdict¾ÙÐÐÐ޸ġ£¡£¡£¡£¡£×îÖÕµÖ´ïbypass saferÒÔ¼°¿ªÆôÎļþ¶ÁдȨÏ޵ȲÙ×÷¡£¡£¡£¡£¡£

ImageMagick 7.0.8-12 ²âÊÔ£º

ÐÞ¸´½¨Òé
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94
ÎÞ·¨¸üеĿÉͨ¹ýÐÞ¸Äpolicy.xml½ûÓÃPS, EPS, PDF and XPS coders£¨»áÔì³ÉÏà¹Ø¹¦Ð§²»¿ÉʹÓã©
È磺ÐÞ¸ÄImageMagickµÄpolicyÎļþ£¬£¬£¬£¬£¬£¬Ä¬ÈÏλÖÃΪ/etc/ImageMagick-7/policy.xml
Ìí¼ÓÈçÏÂÄÚÈÝ£º
<policymap>
<policydomain="coder" rights="none" pattern="PS" />
<policydomain="coder" rights="none" pattern="EPS" />
<policydomain="coder" rights="none" pattern="PDF" />
<policydomain="coder" rights="none" pattern="XPS" />
</policymap>
ÈôÊDz»ÐèҪʹÓÃGhostScript£¬£¬£¬£¬£¬£¬¿ÉÐ¶ÔØ¡£¡£¡£¡£¡£
²Î¿¼Á´½Ó