They found a critical Ghostscript vulnerability

Ghostscript CVE-2019-6116

A few days ago, critical vulnerabilities (CVE-2019-6116) were announced in Ghostscript, a set of tools for processing, converting and generating documents in PostScript and PDF ('Adobe Portable Document Format') formats.

Ghostscript can render PS and PDF data on screen and can also translate it so that it can be printed on a graphics-capable printer using the printer driver.

There are a number of driver devices available for various types of printers. Running gs -h on the operating system's command line prints a large amount of information about the version of Ghostscript installed on the computer, including the devices mentioned.

This problem also directly affects GSview, since it is a graphical interface for Ghostscript that lets you access and interact with Ghostscript in order to display PDF files correctly.

These two programs are complementary, so both must be installed: first 'Ghostscript' and then 'GSview', which is the 'user interface plugin' for the former.

About the problem

This newly found vulnerability allows an attacker to achieve arbitrary code execution on the system when specially crafted documents are processed.

This is a dangerous vulnerability discovered in Ghostscript in the last 6 months. This time, the bypass of the "-dSAFER" isolation mode relies on the way routines with pseudo-operators are processed.

The problem is present in the latest version, 9.26, and so far it can only be fixed by applying 6 patches, which can be found at the following links (1, 2, 3, 4, 5 and 6).

The problem has already been fixed in several distributions, currently SUSE, openSUSE, Ubuntu and RHEL, while it remains unfixed in distributions such as Debian and Fedora.

In response to this problem, a prototype exploit has been created so that you can test your own systems; it is made available at the link below.

The problem is detailed on openwall (you can check it here), where it is explained that the flaw lies in the subroutines within the pseudo-operators.

It is important to mention that vulnerabilities in Ghostscript pose a heightened risk, as this package is used by many popular applications to process PostScript and PDF formats.


To illustrate the magnitude of what this problem can cause: Ghostscript is called during desktop thumbnail creation, during background indexing of data, and when converting images.

In many cases, for an attack to succeed it is enough to download the file containing the exploit or to browse the directory in Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image handlers based on the ImageMagick and GraphicsMagick packages, by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript because the MIME type is recognized from the content, without relying on the extension).
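A defender's check for the disguised files described above, as an added example that is not part of the original article: it flags files with an image extension whose first bytes are a PostScript, EPS or PDF signature. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
from pathlib import Path
import tempfile

# Leading bytes of the formats that end up in Ghostscript (common signatures).
GS_MAGIC = {
    b"%!": "PostScript/EPS",
    b"\xc5\xd0\xd3\xc6": "EPS (DOS binary header)",
    b"%PDF-": "PDF",
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff"}

def sniff(head):
    """Return the Ghostscript-handled format `head` starts with, or None."""
    # Some printer drivers prepend Ctrl-D (0x04) to PostScript output.
    head = head[1:] if head[:1] == b"\x04" else head
    for magic, name in GS_MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def find_disguised(root):
    """List (relative path, real format) for image-named files holding PS/EPS/PDF."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in IMAGE_EXTS:
            continue
        try:
            with path.open("rb") as fh:
                kind = sniff(fh.read(16))
        except OSError:
            continue  # unreadable file: nothing to classify
        if kind:
            hits.append((str(path.relative_to(root)), kind))
    return hits

def demo():
    """Scan a temp dir of constructed sample files (no real documents)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # genuine JPEG header
        "logo.png": b"%!PS-Adobe-3.0\n% constructed sample\n",
        "scan.jpeg": b"%PDF-1.4\n",
        "report.ps": b"%!PS-Adobe-3.0\n",  # honest extension: not flagged
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return find_disguised(tmp)

if __name__ == "__main__":
    print(demo())
```

Pointing find_disguised() at an upload or download directory gives a list of files to quarantine before any thumbnailer or converter touches them.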

How to apply any solution to this problem?

As a workaround to protect against exploitation of the vulnerability, it has been recommended to temporarily rename the executable file /usr/bin/evince-thumbnailer, used by GNOME's automatic image thumbnail generator and ImageMagick.

In addition, processing of the PS, EPS, PDF and XPS formats should be disabled in ImageMagick, which can be done in its policies section.

Another recommended measure is to add the following configuration to the file located at /etc/ImageMagick/policy.xml:

<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />

These are the methods you can use to mitigate this vulnerability on your own, although it is only a matter of time before the different Linux distributions apply their fixes and a preventive version of Ghostscript is released.

