Google Project Zero to Discover Ghostscript Vulnerability

Users of apps pre-installed in popular Linux distributions are under threat
23 August 2018

Researchers from Google Project Zero reported a vulnerability in Ghostscript, the open-source interpreter for PostScript and PDF files. An attacker can gain access to applications and servers that work with this software. There is no patch for the vulnerability; therefore, experts recommend turning off all coders for .PS, .EPS, .PDF and .XPS by default in the policy.xml file.

Tavis Ormandy, an employee of the Google division, said that the security hole involves ways to bypass the -dSAFER isolated environment, which lets cybercriminals send a victim a file with malicious code. When a vulnerable version of Ghostscript opens such a file, the code it contains is executed, which gives the attacker an opportunity to take control of applications and servers.

The vulnerability has already been confirmed by Artifex Software, the developers of the interpreter, and it does not have its own CVE identifier yet.

Users of ImageMagick, Evince and GIMP are at risk. This set of apps is included in many Linux distributions: RedHat, SUSE, Ubuntu, Fedora, FreeBSD, Debian, CentOS. On Twitter, Tavis Ormandy recommended disabling the Ghostscript coders for files with .PS, .EPS, .PDF and .XPS extensions in the policy.xml document.

CMake 3.14.0 to be Available

CMake is a cross-platform free and open-source software application for managing the build process of software using a compiler-independent method
15 March 2019

CMake 3.14, an application for managing the build process of software using a compiler-independent method, has been released. It acts as an alternative to Autotools and is used in projects such as KDE, LLVM/Clang, MySQL, MariaDB, ReactOS and Blender. CMake code is written in C++ and is distributed under the BSD license.

CMake is notable for providing a simple scripting language, tools for extending functionality through modules, a minimum number of dependencies (no binding to M4, Perl or Python), support for caching, tools for cross-compiling, support for generating build files for a wide range of build systems and compilers, the ctest and cpack utilities for defining test scripts and building packages, and the cmake-gui utility for interactively setting build parameters.

More information about the new features is available on the official page.