(Ghostscript BSSA) Tag: 2017 source edit |
No edit summary |
||
| Line 16: | Line 16: | ||
|Fixed in | |Fixed in | ||
| | | | ||
* Ghostscript 9.53. | * Ghostscript 9.53.3 and 10.01.2 | ||
|- | |- | ||
|CVE | |CVE | ||
| Line 28: | Line 28: | ||
== Solution == | == Solution == | ||
Upgrade Ghostscript to a fixed version. | Upgrade Ghostscript to a fixed version and ensure the updated version is used by adding <code>$wgPdfProcessor = '/usr/bin/gs';</code> to <code>LocalSettings.php</code>. | ||
If upgrade of Ghostscript is not possible, disable the extension PDFHandler. This, however, removes the ability for BlueSpice to render PDF preview images. | If upgrade of Ghostscript is not possible, disable the extension PDFHandler. This, however, removes the ability for BlueSpice to render PDF preview images. | ||
Revision as of 14:35, 25 July 2023
| Date | 2023-07-25 |
| Severity | Medium |
| Affected |
|
| Fixed in |
|
| CVE | CVE-2023-36664 |
Problem
A bug in ghostscript can be exploited to run arbitrary code on the host machine using prepared PDF document. In BlueSpice, when a) PDFHandler is enabled and b) a PDF document is uploaded, a preview image is being generated using ghostscript. If an attacker uploads a prepared PDF, they can execute code on the server.
PDFHandler is not enabled by default, but many installations have set it active.
Solution
Upgrade Ghostscript to a fixed version and ensure the updated version is used by adding $wgPdfProcessor = '/usr/bin/gs'; to LocalSettings.php.
If upgrade of Ghostscript is not possible, disable the extension PDFHandler. This, however, removes the ability for BlueSpice to render PDF preview images.
Resources
- For Debian: https://www.debian.org/security/2023/dsa-5446
- For Ubuntu: https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.8
Acknowledgements
Found during an internal security audit.
