SERviceDesk Knowledge Base - Concept Exploit in Ghostscript CVE-2023-36664

Description

Die folgenden SER-Softwarekomponenten sind potentiell von dieser Sicherheitslücke betroffen:

Doxis Rendition Server
Doxis PDF&TIFF Producer

Mitigation

Rendition Server

There is a Hotfix for current versions.
Older versions must be updated to a current, patched version.

[Update 01/26/24]

In rare cases the conversion fails because the "CreateFlex" feature is not licensed.

This message is related to this hotfix and has been resolved with the installation of Doxis Rendition Server 12.0.1 and the dmstools 2.23.0.6 delivered with it.

Updating to 12.0.1 is therefor highly recommended!

PDF&TIFF Producer

Hotfix is available for version 2.23.0.0.
Version 2.23.0.2 will be released in CW29.

[DBE, 18.07.2022 15:41]

Additional Links

Official CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-36664

BSI: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-248889-1012.pdf?__blob=publicationFile&v=2

Downloads

Bei Bedarf kann der Hotfix durch Ihren SER Projektansprechpartner zur Verfügung gestellt werden (https://ser-group.atlassian.net/browse/SUPP-1470?focusedCommentId=901122)