Date: Sun, 9 Sep 2018 12:26:01 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: Ghostscript 9.24 issues

On Sat, Sep 8, 2018 at 3:42 AM Marius Bakke <mbakke@...tmail.com> wrote:

> Tavis Ormandy <taviso@...gle.com> writes:
>
> > Quick update, this
> > <http://git.ghostscript.com/?p=ghostpdl.git&a=commitdiff&h=5812b1b78fc4>
> > commit fixes that problem, but I noticed that fix is incomplete and can be
> > bypassed, so filed another bug for that (the new bug is 699718).
>
> I see <https://bugs.chromium.org/p/project-zero/issues/detail?id=1640>
> is now closed. As far as I can tell, these are the (only) commits
> necessary on top of 9.24[*]:
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002fb9c131313253c307cf3951b3d47
>
> Which are all variations of CVE-2018-16509. Is my understanding correct?
>

Yes, I think that's enough for all the issues I reported. There are some
more security commits in git (like this one
<http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624>)
that are not from me though. That one in particular seems like a good idea,
errordict is like window.onerror in PostScript, a top-level exception
handler. It's hard to believe there are many legitimate untrusted documents
using complex exception handling logic ¯\_(ツ)_/¯

> Many thanks to Tavis and P0 for finding these and keeping us in the
> loop!
>
> [*] You'll also need this to make 2&3 apply:
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e914f1da46e33decc534486598dc3eadf69e6efb
>