Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
Hi,
On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> Tavis Ormandy disclosed a new ghoscript security issue, leading directly to code
> execution: http://openwall.com/lists/oss-security/2018/08/21/2
There are actually several issues, see the whole thread. For now since
you filled this bug will track all those with this bug entry. Proper
evaluation though is still pending (and Moritz is taking care of
strech, adding this note to dsa-needed file ("needs some research on
issues found by Tavis").
See
https://www.kb.cert.org/vuls/id/332928
the current set of fixes:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
Regards,
Salvatore
Reply to: