Key information

CVE ID: CVE-2019-3835
Title: ghostscript: superexec operator is available (700585)
Status: CLOSED ERRATA
Reported: 2019-02-15 10:06 UTC
Fixed in: ghostscript 9.27
Priority: high
Severity: high
Product: Security Response

Vulnerability description

The superexec operator is available via either systemdict or internaldict, depending on ghostscript version. An attacker could use this flaw to bypass -dSAFER restrictions and, for example, have access to the file system outside of the designated restricted directories.

Remediation

Comment 2: Please refer to the "Mitigation" section of CVE-2018-16509.

Upstream fixes:
- Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps.
- Bug 700585: Remove "superexec". We don't need it, and neither do any known applications.

Affected products

- Red Hat Enterprise Linux 7 (RHSA-2019:0633)
- Red Hat Enterprise Linux 8 (RHSA-2019:0971)