Taggart :donor: on Nostr:
Misskey and forks are vulnerable.
> The recent CVE-2024-29510 vulnerability (Remote Code Execution in Ghostscript) has been found to be exploitable against Sharkey and other Misskey-based software under specific environments. This is not a vulnerability in Sharkey itself, but in an optional dependency that may be installed as a system library. The official Sharkey Docker images are not vulnerable, but bare-metal installations may be affected.
>
> An instance may be vulnerable if:
> - libgs and imagemagick are both installed.
> - libgs is older than 10.02.1, 10.01.2, 9.55.0, or 9.50.
>
> __To check the version of libgs:__
> - Execute `dpkg -l | grep -P "ii\s+libgs\d"`.
> - If no results are found, then libgs is not installed and not vulnerable.
> - If the third column starts with 10.02.1, 10.01.2, 9.55.0, or 9.50, then libgs is patched and not vulnerable.
> - Otherwise, libgs is vulnerable.
>
> To patch the vulnerability:
> - Update libgs to the latest available version. The instructions will vary between environments.
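
The checklist in the quoted advisory can be scripted so it runs the same way on every bare-metal host. The following is an added example, not part of the advisory or of Sharkey's own tooling; the names `classify_libgs` and `sample_unpatched`, the verdict strings, and the `imagemagick` package-name pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the advisory's libgs checklist to `dpkg -l` output.
# Patched version prefixes are copied verbatim from the advisory.
PATCHED_PREFIXES="10.02.1 10.01.2 9.55.0 9.50"

# Reads `dpkg -l` output on stdin and prints one verdict:
#   not-installed | patched | unpatched-without-imagemagick | vulnerable
classify_libgs() {
    awk -v prefixes="$PATCHED_PREFIXES" '
        BEGIN { n = split(prefixes, p, " ") }
        # Same filter as the advisory: installed ("ii") packages named libgs<digit>.
        $1 == "ii" && $2 ~ /^libgs[0-9]/ {
            seen = 1
            ok = 0
            for (i = 1; i <= n; i++)
                if (index($3, p[i]) == 1) ok = 1   # third column starts with prefix
            if (!ok) bad = 1
        }
        # Assumption: ImageMagick package names begin with "imagemagick".
        $1 == "ii" && $2 ~ /^imagemagick/ { im = 1 }
        END {
            if (!seen)     print "not-installed"
            else if (!bad) print "patched"
            else if (im)   print "vulnerable"
            else           print "unpatched-without-imagemagick"
        }'
}

# Constructed sample lines in `dpkg -l` layout (not taken from a real host).
sample_unpatched() {
    cat <<'EOF'
ii  imagemagick   8:6.9.11.60-1  amd64  image manipulation programs
ii  libgs9:amd64  9.53.3-1       amd64  interpreter for PostScript - library
EOF
}

echo "constructed sample: $(sample_unpatched | classify_libgs)"
# On a Debian-family host, classify the real package list as well.
if command -v dpkg >/dev/null 2>&1; then
    echo "this host: $(dpkg -l | classify_libgs)"
fi
```

The prefix match follows the advisory literally, so a distribution package that carries the fix under a different version string will be reported as unpatched and should be checked against the distribution's security tracker.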