Security:Security Advisories/BSSA-2023-01: Difference between revisions

Latest revision as of 09:02, 14 November 2023

Date: 2023-07-25
Severity: Medium
Affected:
  • BlueSpice Infrastructure: Ghostscript
Fixed in:
  • Ghostscript 9.53.3 and 10.01.2
CVE: CVE-2023-36664

Problem

A bug in Ghostscript can be exploited to run arbitrary code on the host machine using a prepared PDF document. In BlueSpice, when a) PDFHandler is enabled and b) a PDF document is uploaded, a preview image is generated using Ghostscript. If an attacker uploads a prepared PDF, they can execute code on the server.

PDFHandler is not enabled by default, but many installations have enabled it.

Solution

Upgrade Ghostscript to a fixed version and ensure BlueSpice uses the updated binary by setting $wgPdfProcessor = '/usr/bin/gs'; in LocalSettings.php.

If upgrading Ghostscript is not possible, disable the PDFHandler extension. This, however, removes BlueSpice's ability to render PDF preview images.
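The following POSIX shell check is an added example, not part of the advisory or of BlueSpice: it asks the binary that $wgPdfProcessor points at for its version and compares it against the advisory's "Fixed in" releases. It assumes the two page-stated versions are the minimum on their branches (9.x at or above 9.53.3, 10.x at or above 10.01.2) and that the binary path is /usr/bin/gs unless GS_BIN is set.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that the Ghostscript binary
# PDFHandler will run reports a version at or above the advisory's fixed
# releases. Assumption: 9.53.3 is the floor for 9.x, 10.01.2 for 10.x and later.

# field VERSION N -> Nth dot-separated numeric field; leading zeros and any
# non-numeric suffix are stripped, a missing field counts as 0
field() {
    f=$(printf '%s\n' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*//; s/^0*//')
    printf '%s\n' "${f:-0}"
}

# ver_ge A B -> 0 if dotted version A is at or above B (three fields compared)
ver_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(field "$1" "$i"); b=$(field "$2" "$i")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# gs_is_fixed VERSION -> 0 if VERSION is at or above the fixed release of its branch
gs_is_fixed() {
    major=$(field "$1" 1)
    if [ "$major" -eq 9 ]; then
        ver_ge "$1" 9.53.3
    elif [ "$major" -ge 10 ]; then
        ver_ge "$1" 10.01.2
    else
        return 1          # branches older than 9.x are not covered by the advisory
    fi
}

# Check the binary the advisory tells you to reference in $wgPdfProcessor.
GS_BIN=${GS_BIN:-/usr/bin/gs}
if [ -x "$GS_BIN" ]; then
    v=$("$GS_BIN" --version)     # gs --version prints only the version number
    if gs_is_fixed "$v"; then
        echo "$GS_BIN reports $v: at or above the fixed release"
    else
        echo "$GS_BIN reports $v: below the fixed release; upgrade or disable PDFHandler"
    fi
fi
```

The version string alone is not authoritative for distribution packages, which backport fixes under an unchanged upstream version; the Debian and Ubuntu links under Resources identify the patched package revisions.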

Resources

  • For Debian: https://www.debian.org/security/2023/dsa-5446
  • For Debian 10: https://security-tracker.debian.org/tracker/source-package/ghostscript (Information on source package ghostscript, debian.org)
  • For Ubuntu: https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.8

Acknowledgements

Found during an internal security audit.