FreeBSD : Ghostscript -- arbitrary code execution (30c0f878-b03e-11e8-be8a-0011d823eebd)
High Nessus Plugin ID 112281
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionCERT reports :
Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerability can also be exploited in applications that leverage Ghostscript, such as ImageMagick, GraphicsMagick, evince, Okular, Nautilus, and others.
Exploit code for this vulnerability is publicly available.
SolutionUpdate the affected packages.