pkgsrc-Users archive


graphics/ImageMagick{,6} packages and PS, EPS, PDF, XPS coders disabled by default (workaround for VU#332928)



Dear pkgsrc-users@,
in order to work around possible sandbox bypass vulnerabilities
disclosed yesterday on the oss-security@ mailing list[0] by Tavis
Ormandy, the PS, EPS, PDF and XPS coders, which use ghostscript and
are affected by them, are now disabled by default in policy.xml (in
pkgsrc-current in ImageMagick-7.0.8.10nb2 and
ImageMagick6-6.9.9.38nb4).

If these coders are needed, please note that apart from commenting
out/removing the lines added in policy.xml, the ghostscript coders can
be enabled per-user by copying policy.xml to
~/.config/ImageMagick/policy.xml and adjusting it with the following
lines:

  | [...]
  | <policy domain="coder" rights="read|write" pattern="PS" />
  | <policy domain="coder" rights="read|write" pattern="EPS" />
  | <policy domain="coder" rights="read|write" pattern="PDF" />
  | <policy domain="coder" rights="read|write" pattern="XPS" />
  | [...]

For more information please read:

 <https://www.kb.cert.org/vuls/id/332928>


Thanks!


[0]: http://openwall.com/lists/oss-security/2018/08/21/2
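
To audit which of the four ghostscript coders a given policy.xml leaves enabled, the following is an added example; it is not part of the original message or of pkgsrc. The sample policies are constructed, and the `rights="none"` form of the disabling lines, the "no entry means allowed" default and the last-match-wins glob evaluation are assumptions.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

GHOSTSCRIPT_CODERS = ("PS", "EPS", "PDF", "XPS")  # coders named in the message

# Constructed sample: a packaged policy.xml with the coders disabled.
# rights="none" is an assumed form of the added lines.
DISABLED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

# Constructed sample: a per-user copy where only PDF was re-enabled.
USER_POLICY = DISABLED_POLICY.replace(
    'rights="none" pattern="PDF"', 'rights="read|write" pattern="PDF"')


def coder_rights(root):
    """Map each ghostscript coder to the set of rights the policy leaves it."""
    # Assumption: a coder with no matching entry keeps read and write.
    result = {c: {"read", "write"} for c in GHOSTSCRIPT_CODERS}
    for pol in root.iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        rights = {r.strip().lower() for r in pol.get("rights", "").split("|")}
        rights -= {"none", ""}
        for coder in GHOSTSCRIPT_CODERS:
            # Assumption: glob match, and the last matching entry decides.
            if fnmatch.fnmatchcase(coder, pol.get("pattern", "")):
                result[coder] = rights
    return result


def enabled_coders(policy_xml):
    """Return the ghostscript coders that keep any right, sorted."""
    rights = coder_rights(ET.fromstring(policy_xml))
    return sorted(c for c, r in rights.items() if r)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. ~/.config/ImageMagick/policy.xml
        rights = coder_rights(ET.parse(path).getroot())
        for coder, r in rights.items():
            print(f"{path}: {coder}: {'|'.join(sorted(r)) or 'none'}")
```

Pass one or more policy.xml paths as arguments to check real files; `identify -list policy` shows the policy ImageMagick itself has loaded.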

