See here: https://bugs.ghostscript.com/show_bug.cgi?id=697799 and some more info in this duplicate bug https://bugs.ghostscript.com/show_bug.cgi?id=697808 There seem to be no upstream fix release yet. There are rumors that this was the vulnerability used in the recent hipchat incident. Commits to fix according to the upstream bug: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
CVE ID: CVE-2017-8291 Summary: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Published: 2017-04-27T01:59:02.000Z
Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Not yet released.
Patched in our 9.21
Please stabilize app-text/ghostscript-gpl-9.21 (all stable arches)
x86 stable
amd64 stable
Stable on alpha.
ppc stable
ppc64 stable
arm stable
ia64 stable
sparc stable
@hppa ping.
Arches or maintainers please stabilize for hppa ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.
This issue was resolved and addressed in GLSA 201708-06 at https://security.gentoo.org/glsa/201708-06 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
Maintainer(s), please drop the vulnerable version(s).
Slyfox, please stabilize or drop from stable. This is holding up a security bug, and security cleanup.
hppa stable
Thank you all, Maintainers please proceed to cleanup. Gentoo Security Padawan ChrisADR
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf8f468602a503510b8ccb45b2a0c80f37c83949