[OpenIndiana-discuss] ghostscript / ImageMagick security problems
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Wed Aug 22 21:11:18 UTC 2018
If OpenIndiana's build of ImageMagick uses a "modules" build, then one
can delete the installed pdf.so, ps.so, ps2.so, and ps3.so and then it
should not be possible to read the associated formats.
Under Ubuntu 16.04 LTS, I see the ImageMagick policy.xml is available
at "/etc/ImageMagick/policy.xml".
The CERT advisory at https://www.kb.cert.org/vuls/id/332928 provides
an example which does not appear to block PS2 and PS3, which are also
entry points for reading PostScript.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
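
The check described in the message above, as an added example that is not part of the original post: it parses a policy.xml and lists which of the coders named in the post (PS, PS2, PS3, PDF) are still readable. The sample policy is constructed, and the function names, the brace expansion and the "last matching rule wins" evaluation order are assumptions of this sketch.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Coders named in the post (ps.so, ps2.so, ps3.so, pdf.so).
CODERS = ("PS", "PS2", "PS3", "PDF")

# Constructed sample policy, not copied from any advisory or distribution.
SAMPLE_POLICY = b"""<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="{PDF,XPS}" />
</policymap>"""

def expand_braces(pattern):
    """Expand one {A,B,C} alternation group; fnmatch has no brace support."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [head + alt + tail for alt in m.group(1).split(",")]

def readable_coders(policy_xml, coders=CODERS):
    """Return the coders that the policy still allows to be read."""
    rules = []
    for p in ET.fromstring(policy_xml).iter("policy"):
        if p.get("domain", "").lower() == "coder" and p.get("pattern"):
            rights = {r.strip().lower() for r in p.get("rights", "").split("|")}
            rules.append((expand_braces(p.get("pattern")), "read" in rights))
    allowed = []
    for coder in coders:
        can_read = True  # no matching rule leaves the coder enabled
        for patterns, grants_read in rules:
            if any(fnmatch.fnmatchcase(coder.upper(), g.upper()) for g in patterns):
                can_read = grants_read  # assumption: last matching rule wins
        if can_read:
            allowed.append(coder)
    return allowed

if __name__ == "__main__":
    import sys
    # Pass a path such as /etc/ImageMagick/policy.xml, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for coder in readable_coders(data):
        print(f"not blocked: {coder}")
```
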