blob: bed9aa95c97f5399431fbe140f2ffea6067e3b89 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
$NetBSD: patch-config_policy.xml,v 1.2.2.2 2018/08/25 19:26:01 bsiegert Exp $
Disable ghostscript coders by default to workaround VU#332928:
<https://www.kb.cert.org/vuls/id/332928>
--- config/policy.xml.orig 2018-08-13 11:05:28.000000000 +0000
+++ config/policy.xml
@@ -74,4 +74,16 @@
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
<!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+
+ <!--
+ -- Disable ghostscript coders as suggested by VU#332928
+ -- <https://www.kb.cert.org/vuls/id/332928>
+ -->
+ <policy domain="coder" rights="none" pattern="PS" />
+ <policy domain="coder" rights="none" pattern="PS2" />
+ <policy domain="coder" rights="none" pattern="PS3" />
+ <policy domain="coder" rights="none" pattern="EPS" />
+ <policy domain="coder" rights="none" pattern="PDF" />
+ <policy domain="coder" rights="none" pattern="XPS" />
+
</policymap>
|
