
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>

<p>Hi Ronny,</p>

<p>What operating system are your refering to? QGIS on Windows? Mac? Linux?</p>

<p>QGIS doesn't use ghostscript and doesn't install ghostscript.</p>

<p>But you might have installed ghostscript through OSGeo4W. If there is anything to patch, then it is in OSGeo4W and the various Linux and MacOS distributions.</p>

<p>How did you install QGIS? Through the OSGeo4W installer or with the standalone installer or .msi installer?</p>

<p>Greetings,</p>

<p>Andreas</p>

<p id="reply-intro">On 2023-07-19 13:21, Ronny Kerlin via QGIS-User wrote:</p>

<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">

<div id="replybody1">

<div>

<div dir="ltr">

<div class="v1gmail_quote">

<div dir="ltr">

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;">Hello QGI's team,<br /><br />We have an important question regarding a recent vulnerability [ CVE-2023-36664 ] affecting Ghostscript<br /><br /><a href="https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability" target="_blank" rel="noopener noreferrer">https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability</a><br /><br /><a href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betreff-LibreOffice-und-mehr-9215627.html" target="_blank" rel="noopener noreferrer">https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betreff-LibreOffice-und-mehr-9215627.html</a><br /><a href="https://www.borncity.com/blog/2023/07/13/critical-rce-vulnerability-cve-2023-36664-in-ghostscript-endangered-systems/" target="_blank" rel="noopener noreferrer">https://www.borncity.com/blog/2023/07/13/critical-rce-vulnerability-cve-2023-36664-in-ghostscript-endangered-systems/</a><br /><br /><br />There are also corresponding GS libraries in #QGIS 3.28.4.<br /><br />Now how can I fix the above vulnerability or is there no concern for QGis?<br /><br />Thank you in advance for your efforts.<br />Best regards<br /><br />Ronny</p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;"> </span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;"> </span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;"> </span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;"> </span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;">###### Hallo QGIs Team,<span></span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt;"><span style="font-family: times new roman,serif; font-size: small;"><span> </span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; font-size: small;">wir haben ein wichtige Frage zu einer aktuellen Sicherheitslücke [ CVE-2023-36664 ], die im Zusammenhang mit Ghostscript auftritt </span><a style="color: #0563c1; text-decoration: underline;" href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html" target="_blank" rel="noopener noreferrer"><br /></a></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"> </p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"><a href="https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability" target="_blank" rel="noopener noreferrer">https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability</a> </p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"> </p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"> </p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"> </p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"><a style="color: #0563c1; text-decoration: underline;" href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html" target="_blank" rel="noopener noreferrer"><br />https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html</a><span>  </span><br /><a style="color: #0563c1; text-decoration: underline;" href="https://www.borncity.com/blog/2023/07/13/kritische-rce-schwachstelle-cve-2023-36664-in-ghostscript-bedroht-systeme/" target="_blank" rel="noopener noreferrer">https://www.borncity.com/blog/2023/07/13/kritische-rce-schwachstelle-cve-2023-36664-in-ghostscript-bedroht-systeme/</a><span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"><span> </span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;">In der <strong>#QGIS</strong> 3.28.4 gibt es auch entsprechende GS Bibliotheken.  <br /><br />Wie kann ich jetzt die oben genannte Sicherheitslücke schließen oder gibt es für QGis keine Bedenken?<span></span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;"><span> </span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;">Vielen Dank im Voraus für eure Bemühungen.<span></span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;"><span> </span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;">Viele Grüße<span></span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;"><span> </span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt;"><span style="font-family: times new roman,serif; color: #000000;">Ronny<span></span></span></p>

<p class="v1MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: 'Calibri',sans-serif;"><span style="font-family: times new roman,serif; color: #000000;"><span> </span></span></p>

</div>

</div>

</div>

</div>

</div>

<br />

<div class="pre" style="margin: 0; padding: 0; font-family: monospace">_______________________________________________<br />QGIS-User mailing list<br /><a href="mailto:QGIS-User@lists.osgeo.org">QGIS-User@lists.osgeo.org</a><br />List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-user" target="_blank" rel="noopener noreferrer">https://lists.osgeo.org/mailman/listinfo/qgis-user</a><br />Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-user" target="_blank" rel="noopener noreferrer">https://lists.osgeo.org/mailman/listinfo/qgis-user</a></div>

</blockquote>

<p><br /></p>


</body></html>