galaxis

@galaxis@mastodon.infra.de

generic computer and internetworking geek

network and systems administration, infosec, retrocomputing

This profile is from a federated server and may be incomplete. For a complete list of posts, browse on the original instance.

GossiTheDog , 2 days ago to random

I think CVE-2024-29510 (Ghostscript vuln) may apply to Mastodon, as Mastodon sends images to ImageMagick, which can call Ghostscript. But I might be wrong.

Reply

Expand (8)

Collapse (8)

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...

+ h3artbl33d

galaxis , 2 days ago

@GossiTheDog Hrm. While the imagemagick-6.q16 package (on Debian) recommends ghostscript (and it is installed on my Mastodon instance), there's no hard dependency. I don't think Mastodon deals with any file formats that require ghostscript processing? Certainly not pdf or ps...

Should be safe to uninstall when it's considered a possible attack vector...

Reply

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...

galaxis , 2 days ago

@h3artbl33d Yeah, in the worst case, reprocessing some media would fail, so I took the opportunity to nuke it from this install.

Reply

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...