Security:Security Advisories/BSSA-2023-01: Difference between revisions

No edit summary
No edit summary
Tag: 2017 source edit
 
Line 1: Line 1:
{{Featurepage|featured=true|featuredesc=Current Security Advisory: BSSA-2023-01|featurestart=07/26/2023}}
{| class="wikitable"
{| class="wikitable"
|+
|+

Latest revision as of 09:02, 14 November 2023

Date 2023-07-25
Severity Medium
Affected
  • BlueSpice Infrastructure: Ghostscript
Fixed in
  • Ghostscript 9.53.3 and 10.01.2
CVE CVE-2023-36664

Problem

A bug in ghostscript can be exploited to run arbitrary code on the host machine using prepared PDF document. In BlueSpice, when a) PDFHandler is enabled and b) a PDF document is uploaded, a preview image is being generated using ghostscript. If an attacker uploads a prepared PDF, they can execute code on the server.

PDFHandler is not enabled by default, but many installations have set it active.

Solution

Upgrade Ghostscript to a fixed version and ensure the updated version is used by adding $wgPdfProcessor = '/usr/bin/gs'; to LocalSettings.php.

If upgrade of Ghostscript is not possible, disable the extension PDFHandler. This, however, removes the ability for BlueSpice to render PDF preview images.

Resources


Acknowledgements

Found during an internal security audit.