Security issue in Ghostscript that bypasses -dSAFER
Submitted by Germán Poo-Caamaño
Assigned to Carlos Campos @carlosgc
Link to original bug (#107664)
Description
There are test case for evince that makes a PostScript file run any program. "699623 Incomplete fix for #697178 Allowing -dSAFER bypass", see http://seclists.org/oss-sec/2018/q3/154
According to Ghostscript developers in freenode, the fix will be available on 9.24 in September.
@chpe cooked a patch for libspectre to do so. https://paste.fedoraproject.org/paste/6ox4FS47YEp3t~xGF4Lq0Q although it needs to change the version number from 925 to 924.
That is, no render any PS file with a version older than 9.24.
Originally reported in https://gitlab.gnome.org/GNOME/evince/issues/967