安全公告详情

NS-SA-2019-0250

2019-12-27 14:15:32

简介

important: httpd/ghostscript security update

严重级别

important

主题

An update for httpd/ghostscript is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

httpd: The mod_session module and associated backends provide an abstract interface for storing and accessing per-user session data.
ghostscript: This library provides Ghostscript's core functionality, based on Ghostscript's API, which is useful for many packages that are build on top of Ghostscript.


Security Fix(es):
httpd: A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220)
httpd: A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)
httpd: bugfix
ghostscript: Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content.(CVE-2018-11645)
ghostscript: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.(CVE-2019-10216)
ghostscript: A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14813)
ghostscript: A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14812)
ghostscript: A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14811)
ghostscript: A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14817)
ghostscript: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.

影响组件

  • httpd
  • ghostscript

影响产品

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["mod_proxy_html-2.4.6-90.el7.centos.x86_64.rpm","mod_session-2.4.6-90.el7.centos.x86_64.rpm","mod_ssl-2.4.6-90.el7.centos.x86_64.rpm","httpd-2.4.6-90.el7.centos.x86_64.rpm","httpd-debuginfo-2.4.6-90.el7.centos.x86_64.rpm","httpd-devel-2.4.6-90.el7.centos.x86_64.rpm","httpd-manual-2.4.6-90.el7.centos.noarch.rpm","httpd-tools-2.4.6-90.el7.centos.x86_64.rpm","mod_ldap-2.4.6-90.el7.centos.x86_64.rpm"],"source":"httpd-2.4.6-90.el7.centos.src.rpm"},{"binary":["libgs-devel-9.25-2.el7_7.2.x86_64.rpm","ghostscript-9.25-2.el7_7.2.x86_64.rpm","ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm","ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm","ghostscript-doc-9.25-2.el7_7.2.noarch.rpm","libgs-9.25-2.el7_7.2.x86_64.rpm","ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm"],"source":"ghostscript-9.25-2.el7_7.2.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["httpd-tools-2.4.6-90.el7.centos.x86_64.rpm","mod_ldap-2.4.6-90.el7.centos.x86_64.rpm","mod_proxy_html-2.4.6-90.el7.centos.x86_64.rpm","mod_session-2.4.6-90.el7.centos.x86_64.rpm","mod_ssl-2.4.6-90.el7.centos.x86_64.rpm","httpd-2.4.6-90.el7.centos.x86_64.rpm","httpd-debuginfo-2.4.6-90.el7.centos.x86_64.rpm","httpd-devel-2.4.6-90.el7.centos.x86_64.rpm","httpd-manual-2.4.6-90.el7.centos.noarch.rpm"],"source":"httpd-2.4.6-90.el7.centos.src.rpm"},{"binary":["ghostscript-9.25-2.el7_7.2.x86_64.rpm","ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm","ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm","ghostscript-doc-9.25-2.el7_7.2.noarch.rpm","ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm","libgs-9.25-2.el7_7.2.x86_64.rpm","libgs-devel-9.25-2.el7_7.2.x86_64.rpm"],"source":"ghostscript-9.25-2.el7_7.2.src.rpm"}]}]}

CVE

参考