Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ghostscript | Artifex | * | 10.01.2 (including) |
| Red Hat Enterprise Linux 9 | RedHat | ghostscript-0:9.54.0-10.el9_2 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | ghostscript-0:9.54.0-7.el9_0.1 | * |
| Ghostscript | Ubuntu | bionic | * |
| Ghostscript | Ubuntu | devel | * |
| Ghostscript | Ubuntu | esm-infra/focal | * |
| Ghostscript | Ubuntu | focal | * |
| Ghostscript | Ubuntu | jammy | * |
| Ghostscript | Ubuntu | kinetic | * |
| Ghostscript | Ubuntu | lunar | * |
| Ghostscript | Ubuntu | upstream | * |
| Ghostscript | Ubuntu | xenial | * |
References
- https://bugs.ghostscript.com/show_bug.cgi?id=706761
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/
- https://security.gentoo.org/glsa/202309-03
- https://www.debian.org/security/2023/dsa-5446
- https://bugs.ghostscript.com/show_bug.cgi?id=706761
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
- https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/
- https://security.gentoo.org/glsa/202309-03
- https://www.debian.org/security/2023/dsa-5446