A critical vulnerability has been found in Ghostscript

Ghostscript CVE-2019-6116

A few days ago an announcement was made about the discovery of a critical vulnerability (CVE-2019-6116) in Ghostscript, a set of tools for processing, converting and generating documents in the PostScript and PDF ('Adobe Portable Document Format') formats.

Ghostscript can render PS and PDF data on screen and can also translate it so that it can be printed on a graphics-capable printer through that printer's driver.

A number of drivers are available for different types of printers. If gs -h is entered on the operating system's command line, a large amount of information about the Ghostscript version installed on the computer is shown, including the drivers mentioned above.

This problem also directly affects GSview, since it is an interface to Ghostscript that lets you access and interact with the latter in order to view PDF files properly.

These two programs work in a complementary way, so both must be installed: first 'Ghostscript', then 'GSview', since it is the 'user interface plugin' for the former.

About the problem

This newly discovered vulnerability allows an attacker to have arbitrary code executed on the system when it processes specially crafted documents.

This is a dangerous vulnerability discovered in Ghostscript within the last six months. This time, to bypass the "-dSAFER" isolation mode, features of the way routines with pseudo-operators are processed are used.

The problem is present in the latest version, 9.26, and so far it can only be fixed by applying six patches, which can be seen at the following links (1, 2, 3, 4, 5 and 6).

The problem has already been fixed in several distributions, currently SUSE, openSUSE, Ubuntu and RHEL, while it remains unfixed in distributions such as Debian and Fedora.

In response to this problem, a prototype exploit was created that is available for testing on your own systems; it is made available from the link below.

The problem is described in detail on openwall (you can check it here), where they explain that the problem lies in the subroutines within pseudo-operators.

It is important to mention that a vulnerability in Ghostscript represents a higher risk, since this package is used in many popular applications to process the PostScript and PDF formats.

CVE-2019-6116

To give an idea of the scale of what this problem can cause: Ghostscript is invoked, for example, when thumbnails are created, when the desktop indexes data in the background, and when images are converted.

For an attack to succeed, in many cases you only need to download the exploit file or browse the directory in Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image handlers based on the ImageMagick and GraphicsMagick packages, by passing a JPEG or PNG file that contains PostScript code instead of an image (such a file is processed by Ghostscript because the MIME type is recognized from the file's content, not from its extension).

How to apply a solution to this problem?

As a workaround to protect against exploitation of the vulnerability, it has been recommended to rename the executable file /usr/bin/evince-thumbnailer, used by GNOME's automatic image thumbnail generator and ImageMagick.

In addition, disable the processing of the PS, EPS, PDF and XPS formats in ImageMagick, which you can do in the policy section.

Another recommended measure is to add the following configuration to the file located at /etc/ImageMagick/policy.xml

<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
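
To check that a policy file really disables these coders, the following added example (not part of the original article) parses policy text and lists which of the six coders are still enabled. The function names, the conservative matching rule and the sample policy are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Coders the article says to disable in /etc/ImageMagick/policy.xml.
GHOSTSCRIPT_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")

def expand_braces(pattern):
    """Expand one {A,B,C} group, which ImageMagick globs accept but fnmatch does not."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    return [pattern[:m.start()] + alt + pattern[m.end():] for alt in m.group(1).split(",")]

def audit_policy(xml_text, coders=GHOSTSCRIPT_CODERS):
    """Return the coders that are NOT reliably disabled by the policy text.

    Conservative rule (an assumption of this example): a coder counts as
    disabled only if some matching coder policy has rights="none" and no
    matching coder policy grants read, write or execute.
    """
    root = ET.fromstring(xml_text)
    exposed = []
    for coder in coders:
        denied = granted = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue
            if not any(fnmatchcase(coder, p) for p in expand_braces(pol.get("pattern", ""))):
                continue
            rights = pol.get("rights", "").strip().lower()
            if rights == "none":
                denied = True
            else:
                granted = True
        if granted or not denied:
            exposed.append(coder)
    return exposed

# Constructed sample: a policy that blocks only some of the six coders.
SAMPLE = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3}" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="read|write" pattern="PDF" />
</policymap>"""

if __name__ == "__main__":
    print("Still enabled:", audit_policy(SAMPLE))
```

To audit a real system, pass the contents of /etc/ImageMagick/policy.xml to audit_policy; an empty list means all six coders are blocked under the rule above.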

Without further ado, here we share the methods for fixing this vulnerability on your own, although it is only a matter of time before the different Linux distributions apply their fixes and a corrected version of Ghostscript is released.

