Ghostscript shading_param Remote Code Execution Vulnerability (CVE-2018-15909)

Published: 2019-06-10
Updated: 2019-06-10

Affected systems:
Ghostscript Ghostscript 9.23
Oracle Solaris
Red Hat Redhat Enterprise Linux 7
Red Hat Redhat Enterprise Linux 6
Comodo Group Trustix Secure Enterprise Linux 2.2
Comodo Group Trustix Secure Enterprise Linux 2.1
Comodo Group Trustix Secure Enterprise Linux 2.0
Pulse Secure Pulse Connect Secure 9.0R3
Pulse Secure Pulse Connect Secure 9.0R2
Pulse Secure Pulse Connect Secure 9.0R1
Pulse Secure Pulse Connect Secure 8.3R7
Pulse Secure Pulse Connect Secure 8.3R6
Pulse Secure Pulse Connect Secure 8.3R5
Pulse Secure Pulse Connect Secure 8.3R4
Pulse Secure Pulse Connect Secure 8.3R1
Pulse Secure Pulse Connect Secure 8.2R6
Pulse Secure Pulse Connect Secure 8.2R5
Pulse Secure Pulse Connect Secure 8.2R11
Pulse Secure Pulse Connect Secure 8.2R10
Pulse Secure Pulse Connect Secure 8.2R1.1
Pulse Secure Pulse Connect Secure 8.2R1
Pulse Secure Pulse Connect Secure 8.2R0
Unaffected systems:
Pulse Secure Pulse Connect Secure 9.0R4
Pulse Secure Pulse Connect Secure 9.0R3.4
Pulse Secure Pulse Connect Secure 8.3R7
Pulse Secure Pulse Connect Secure 8.2R12.1
Description:
BUGTRAQ  ID: 105178
CVE(CAN) ID: CVE-2018-15909

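Ghostscript is a free software suite built around an interpreter for the Adobe PostScript and Portable Document Format (PDF) page description languages.
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion involving the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or possibly execute code.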

<*Link: https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html
*>

Recommendation:
Vendor patch:

Oracle
------
Oracle has released a security bulletin (CVE-2018-15909) and corresponding patches for this issue:
CVE-2018-15909: Oracle Solaris Third Party Bulletin - January 2019
Link: https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html

Patch download:

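This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.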