From owner-freebsd-questions@freebsd.org Wed Aug 22 11:41:59 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03ED210860AB for ; Wed, 22 Aug 2018 11:41:59 +0000 (UTC) (envelope-from carmel_ny@outlook.com) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-oln040092007095.outbound.protection.outlook.com [40.92.7.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5F53170075 for ; Wed, 22 Aug 2018 11:41:58 +0000 (UTC) (envelope-from carmel_ny@outlook.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x3Ddsb+b9LQqa1CsoYhnTH3Vv6SoKijbbsvc+syNzik=; b=i0P9x00fU5Ji+NIVPN9FbKwNPQfU7n9aJbSvhrJk/9uj0O48KzvKotxtmmK+b3dZKp+Hrka82d4I2a/uKp998hI7pZDA7kmdB0UcgCH4H9Xm7xobTuaLAgWWoI58olJPpSsgTEtjgEVAIW9B0l6EQUoW7jMXSQIKqq9JblxWhM5DnwTXZ74dLWG6cENtm9ZzSCR4d5lAwnO8VbFpEUqJKd35NSmgRSD794XHb2IeTBf8xtE/4LC765qlUIIVv7WIe04iv7fVjH6EIQvSfNGwUU8PbKnKmREZIzusxxA5uzyWdynANoBn6pw93KMsxH+0N8vz8wFXHXkw1RqpHm3bRw== Received: from CO1NAM03FT025.eop-NAM03.prod.protection.outlook.com (10.152.80.57) by CO1NAM03HT151.eop-NAM03.prod.protection.outlook.com (10.152.81.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1080.9; Wed, 22 Aug 2018 11:41:56 +0000 Received: from SN1PR20MB2109.namprd20.prod.outlook.com (10.152.80.53) by CO1NAM03FT025.mail.protection.outlook.com (10.152.80.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.1080.9 via Frontend Transport; Wed, 22 Aug 2018 11:41:56 +0000 Received: from SN1PR20MB2109.namprd20.prod.outlook.com ([fe80::3842:d077:d677:4c86]) by SN1PR20MB2109.namprd20.prod.outlook.com ([fe80::3842:d077:d677:4c86%2]) with mapi id 15.20.1080.010; Wed, 22 Aug 2018 11:41:56 +0000 From: Carmel NY To: FreeBSD Subject: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities Thread-Topic: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities Thread-Index: AQHUOg0hIixzgnacZUmzafLF3GGgfw== Date: Wed, 22 Aug 2018 11:41:56 +0000 Message-ID: Reply-To: FreeBSD Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BN6PR19CA0065.namprd19.prod.outlook.com (2603:10b6:404:e3::27) To SN1PR20MB2109.namprd20.prod.outlook.com (2603:10b6:802:28::14) x-mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; i686-w64-mingw32) x-incomingtopheadermarker: OriginalChecksum:1CB28759FC95CC65066CCD49F49DD897D8F57257662C2D7DDB062FA243711E43; UpperCasedChecksum:C4A5E30EA88D75A823C38C5A3326436F24BDC61572D81ADE9F736DBCB5993BBC; SizeAsReceived:7407; Count:49 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [qSw4VWysmEAEE/vkoUpU2Pv7w+3eHvPW] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CO1NAM03HT151; 6:rrI7ykEBzbeR3L1NvUaAqi7s+p2SNOFo0rhzVcClsnJuFI9eqv03IHoyhsRoET4ANcPL7rEyN0WcshThhubhxqREQpHnRwJeGemF5IzLjFq5SqzWk4T2CP/QbpGtK7X+RMczMnx3H9WKCDkahKFVPAw8W0NycH6lXPxfE4qOZI1S+Jozb+613WKvf0UhsWTXxYPscA3DOmv/hc3sHf551AAMzbB0MbLM7JbqSLFuv/ryN/ESfN/a48z22UhbCq4IGLBoRQ7v+43dKszUSZ/wwdGx8e/uE+DcF+JXGlMSaY4U/+DIE2wGhrkY2aK4aitBcaJLV0yJjLXaXlgrNfW6dxCUNwavIV/kx3CzSMOAW1qJIl3vgOY1Y3J2x6pHwZBApyv6f2pl2hy/jnWrR/LFNenU+b442Q+njODOgUrwYkNQEOo08wVQDTvBvaQJIE/wuPoEn+m18WBIhN+yX3Pkkw==; 5:1aqeJrH9d/6vVRMkXOapDRFbapD9IjeN51o4v28pzz7Az/pfVfYLZYp78z6WBA5taju2z6f8SJZj5i0pVDLDcftiUm1pZTcRNo9rK7KeiYhsxbvULBMg2ueU8VKts06oKnWLjkpUOluNV3S70er4Rsjr1m+Me7fMsZ+P08Yi59g=; 7:k6WzBXO8+iYWm4UTxH1Vwo0ltvKuXh8qaIOOtp01aMIvtFscujS8QaU2TSXpLhiVhLy2iGwGtStZgO8Fx1MesVnMUnONg730m8Z1oRQy9GTOIgtdVqIZpRve4E71zixG2kVhwqRPtojeVl7cZY48fMMwLn+jW+OlmnmTCtZ7FyJ9br4jgRc81S4h8FwEutAu3rv+ZKRQlighZ2xyzf3QYoN5Va3KHfC20bMc5TxJcuWAQXo6V834Fz19YlSxF+2G x-incomingheadercount: 49 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101475)(1601125500)(1701031045); SRVR:CO1NAM03HT151; x-ms-traffictypediagnostic: CO1NAM03HT151: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(4566010)(82015058); SRVR:CO1NAM03HT151; BCL:0; PCL:0; RULEID:; SRVR:CO1NAM03HT151; x-forefront-prvs: 0772E5DAD5 x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(189003)(199004)(26005)(6346003)(74316002)(966005)(87572001)(33656002)(386003)(102836004)(68736007)(14454004)(2900100001)(25786009)(97736004)(81156014)(305945005)(20460500001)(8676002)(50226002)(6436002)(8936002)(55016002)(6306002)(6916009)(5660300001)(104016004)(105586002)(7696005)(82202002)(5250100002)(106356001)(558084003)(486006)(86362001)(476003)(99286004)(43066004)(56003)(14444005)(426003)(256004); DIR:OUT; SFP:1901; SCL:1; SRVR:CO1NAM03HT151; H:SN1PR20MB2109.namprd20.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: outlook.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=carmel_ny@outlook.com; x-microsoft-antispam-message-info: GsY9VphdsXAIkJLL9qdNcG9XscYBpY1759JH/H/t1adu7WHODSdZpY4L3C1JEN5CYRxGytZ1OFxZ8XPgohjaWEkpIN6iQfD00Ft7VLIIQ7LAyFx6hoyTzdagH3JIriB4OHexfMIMG2OCTwyEog78hi/eDw6k441nO03ma5IoijPh7n9wwQ+9ozcmoXfFiTu8IMU8XcOWn/y++RtV8WsqZEOnNfhqZOEwQxBuHP75CHo= Content-Type: text/plain; charset="us-ascii" Content-ID: <73FA4EB9BF971D4EBDF4E29E00533472@namprd20.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 9a4e3081-9524-43cf-bfc3-dcaef82d5da1 X-MS-Exchange-CrossTenant-Network-Message-Id: 1a0890bd-f492-4721-32c6-08d608244339 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 9a4e3081-9524-43cf-bfc3-dcaef82d5da1 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Aug 2018 11:41:56.5024 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM03HT151 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2018 11:41:59 -0000 I just received the following US-CERT notification: https://www.us-cert.gov/ncas/current-activity/2018/08/21/Ghostscript-Vulner= ability https://www.kb.cert.org/vuls/id/332928 I am not sure if this affects Ghostscript usage on FreeBSD or not. --=20 Carmel