Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 9 Sep 2018 12:26:01 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: Ghostscript 9.24 issues

On Sat, Sep 8, 2018 at 3:42 AM Marius Bakke <mbakke@...tmail.com> wrote:

> Tavis Ormandy <taviso@...gle.com> writes:
>
> > Quick update, this
> > <http://git.ghostscript.com/?p=ghostpdl.git&a=commitdiff&h=5812b1b78fc4>
> > commit fixes that problem, but I noticed that fix is incomplete and can
> be
> > bypassed, so filed another bug for that (the new bug is 699718).
>
> I see <https://bugs.chromium.org/p/project-zero/issues/detail?id=1640>
> is now closed.  As far as I can tell, these are the (only) commits
> necessary on top of 9.24[*]:
>
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002fb9c131313253c307cf3951b3d47
>
> Which are all variations of CVE-2018-16509.  Is my understanding correct?
>
>
Yes, I think that's enough for all the issues I reported. There are some
more security commits in git (like this one
<http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624>)
that are not from me though. That one in particular seems like a good idea,
errordict is like window.onerror in PostScript, a top-level exception
handler. It's hard to believe there are many legitimate untrusted documents
using complex exception handling logic ¯\_(ツ)_/¯


> Many thanks to Tavis and P0 for finding these and keeping us in the
> loop!
>
> [*] You'll also need this to make 2&3 apply:
>
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e914f1da46e33decc534486598dc3eadf69e6efb
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.