The series of vulnerabilities does not stop (, , , , , ) In , a set of tools for processing, converting and generating PostScript and PDF documents. Like past vulnerabilities () allows, when processing specially designed documents, to bypass the "-dSAFER" isolation mode (through manipulations with ".buildfont1") and gain access to the contents of the file system, which can be used to organize an attack to execute arbitrary code in the system (for example, by adding commands to ~ /.bashrc or ~/.profile). The fix is ββavailable as . You can follow the appearance of package updates in distributions on these pages: , , , , , , .
Recall that the vulnerabilities in Ghostscript pose an increased risk, since this package is used in many popular applications for processing PostScript and PDF formats. For example, Ghostscript is called when creating desktop thumbnails, when indexing data in the background, and when converting images. For a successful attack, in many cases, simply downloading the exploit file or browsing the directory with it in Nautilus is enough. Vulnerabilities in Ghostscript can also be exploited through image processors based on the ImageMagick and GraphicsMagick packages by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed in Ghostscript, since the MIME type is recognized by the content, and without relying on the extension).
Source: opennet.ru