View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011584 | Rocky-Linux-8 | ghostscript | public | 2026-01-03 00:17 | 2026-01-03 00:17 |
| Reporter | Brad Thompson | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | Linux | OS | Rocky Linux | OS Version | 8.10 |
| Summary | 0011584: Ghostscript 9.27-17.el8_10 horribly outdated and multiple CVE Vulnerabilities | ||||
| Description | GhostScript needs to be upgraded to version 10.05.0 or above. All NVD Base Score 9.8 CVE-2025-27837 CVE-2025-27831 CVE-2025-27836 CVE-2025-27837 CVE-2025-27831 CVE-2025-27836 | ||||
| Steps To Reproduce | Alerts produced by Sentinel One. | ||||
| Additional Information | Temporary hardening is possible. # Disable PostScript/PDF processing in ImageMagick policy (if not needed) sudo nano /etc/ImageMagick-6/policy.xml Add these lines before </policymap> to block Ghostscript delegates: <policy domain="coder" rights="none" pattern="PS" /> <policy domain="coder" rights="none" pattern="EPS" /> <policy domain="coder" rights="none" pattern="PDF" /> This prevents ImageMagick from processing PDF/PostScript files entirely, eliminating the Ghostscript attack vector while keeping imagick functional for image formats. Only implement this if your hosted sites don't need PDF manipulation through ImageMagick. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-01-03 00:17 | Brad Thompson | New Issue |
