Change Details

On oss-security, Travis Ormandy reported an issue which allows the filesystem to be read and file contents to be accessed by taking advantage of an error in the implementation of Ghostscript invocation with `-dSAFER`: http://www.openwall.com/lists/oss-security/2016/09/28/6 Tavis observed the issue in the context the ImageMagick identify command, but the issue affects any program which uses Ghostscript. A [[ http://bugs.ghostscript.com/show_bug.cgi?id=697169 | bug report ]] has been submitted to Ghostscript, but has not yet been acted on. We need to determine the extent to which we are susceptible to this issue (i.e., which extensions are affected, if any, besides PdfHandler and Math), then implement a temporary mitigation until the issue is fixed upstream and packages are released for our production OS'es. Hat tip to @csteipp for bringing it to my attention on IRC>

On oss-security, Travis Ormandy reported an issue which allows the filesystem to be read and file contents to be accessed by taking advantage of an error in the implementation of Ghostscript invocation with `-dSAFER`: http://www.openwall.com/lists/oss-security/2016/09/28/6 Tavis observed the issue in the context the ImageMagick identify command, but the issue affects any program which uses Ghostscript. A [[ http://bugs.ghostscript.com/show_bug.cgi?id=697169 | bug report ]] has been submitted to Ghostscript, but has not yet been acted on. We need to determine the extent to which we are susceptible to this issue (i.e., which extensions are affected, if any, besides PdfHandler and Math), then implement a temporary mitigation until the issue is fixed upstream and packages are released for our production OS'es. Hat tip to @csteipp for bringing it to my attention on IRC.

On oss-security, Travis Ormandy reported an issue which allows the filesystem to be read and file contents to be accessed by taking advantage of an error in the implementation of Ghostscript invocation with `-dSAFER`: http://www.openwall.com/lists/oss-security/2016/09/28/6 Tavis observed the issue in the context the ImageMagick identify command, but the issue affects any program which uses Ghostscript. A [[ http://bugs.ghostscript.com/show_bug.cgi?id=697169 | bug report ]] has been submitted to Ghostscript, but has not yet been acted on. We need to determine the extent to which we are susceptible to this issue (i.e., which extensions are affected, if any, besides PdfHandler and Math), then implement a temporary mitigation until the issue is fixed upstream and packages are released for our production OS'es. Hat tip to @csteipp for bringing it to my attention on IRC>IRC.