> The version of Ghostscript was from 2012 and this allowed a specially crafted PDF file to execute a SUID binary and the attacker to gain access.<p>I don't care what version of Freebsd you're using. If your webapp is running Ghostscript against user-supplied data without doing so in a throwaway VM or at least container of some sort, no amount of updating will save you. That is an insane piece of software to be feeding untrusted input to without wearing a condom.
Not from 2019 - from 2014.<p>FreeBSD 10.1 was released in 2014 and reached EoL in 2018.<p>I can compile FreeBSD 10.1 today and the displayed date by `uname` will be 2025 - that does not mean that code is from 2025 - only that it was compiled in 2025.<p>Hope that helps.
Such high profile target without security patches for system and probably outdated pkgs/ports for at least 3 years, I am actually surprised they survived that long.
I know we don't comment on formatting here, but WTF is this website?? I can't tell whether this is some early AI experiment or just someone trying to imitate the slang used on 4chan, and also there are ads covering literally two thirds of my screen. It almost feels like a parody. Is it?