Oval Definition:oval:com.ubuntu.xenial:def:2019102160000000
Revision Date:2019-11-27Version:1
Title:CVE-2019-10216 on Ubuntu 16.04 LTS (xenial) - medium.
Description:In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-10216
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND ghostscript package in xenial was vulnerable but has been fixed (note: '9.26~dfsg+0-0ubuntu0.16.04.10').
  • BACK