Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER

To: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>, 907332@bugs.debian.org
Subject: Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 26 Aug 2018 21:55:14 +0200
Message-id: <[🔎] 20180826195514.GA9377@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 907332@bugs.debian.org
In-reply-to: <[🔎] 153530333844.30062.15148412983907947587.reportbug@neon.citronna.de>
References: <[🔎] 153530333844.30062.15148412983907947587.reportbug@neon.citronna.de> <[🔎] 153530333844.30062.15148412983907947587.reportbug@neon.citronna.de>

Hi,

On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> Tavis Ormandy disclosed a new ghoscript security issue, leading directly to code
> execution:  http://openwall.com/lists/oss-security/2018/08/21/2

There are actually several issues, see the whole thread. For now since
you filled this bug will track all those with this bug entry. Proper
evaluation though is still pending (and Moritz is taking care of
strech, adding this note to dsa-needed file ("needs some research on
issues found by Tavis").

See

https://www.kb.cert.org/vuls/id/332928

the current set of fixes:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
  - From: Jonas Smedegaard <jonas@jones.dk>

References:
- Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
  - From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>

Prev by Date: Processed: tagging 907332
Next by Date: Processed: tagging 907332, found 907332 in 9.20~dfsg-1
Previous by thread: Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
Next by thread: Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
Index(es):
- Date
- Thread