Date: Thu, 11 Oct 2018 10:20:17 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

On Tue, Oct 9, 2018 at 6:58 AM Tavis Ormandy <taviso@...gle.com> wrote:

>
> The fix is public now, here are the necessary commits:
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94
>
>
>
A small update, one of these commits was to mark all procedures that use
dangerous operators as operators themselves. The idea is that error
handlers will only see the top-level operator and not any sub-operators (I
know, this is getting complicated).

I noticed a procedure upstream missed, .loadfontloop. Upstream have double
checked if there were any others, and I did too - we think that is all of
them.

So this commit is necessary as well:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63

Thanks, Tavis.
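
The audit described in the message above, as an added toy model that is not part of the original post and not Ghostscript code: it flags procedures that reach a dangerous operator without being marked as operators themselves. The procedure table, every `.hypo_*` name, and the rule that a marked procedure hides its sub-operators from error handlers are constructed assumptions based only on the wording of the message.

```python
# Toy model, NOT Ghostscript code. Every name below is hypothetical/constructed.
DANGEROUS = {".hypo_rawfile", ".hypo_rawwrite"}  # stand-ins for internal operators

# name -> (marked_as_operator, body); a body lists the names the procedure executes.
PROCS = {
    ".hypo_fontload": (True,  [".hypo_rawfile", "pop"]),
    ".hypo_setstate": (True,  [".hypo_helper", "exch"]),
    ".hypo_helper":   (True,  [".hypo_rawwrite"]),
    ".hypo_loadloop": (False, ["dup", ".hypo_scan"]),   # the straggler
    ".hypo_scan":     (False, [".hypo_rawfile"]),
    ".hypo_benign":   (False, ["dup", "pop"]),
}


def surfaced(name, procs, dangerous, seen=frozenset()):
    """Dangerous operators an error handler could be handed while `name` runs."""
    if name in dangerous:
        return {name}
    if name not in procs or name in seen:   # ordinary operator, or recursion
        return set()
    marked, body = procs[name]
    if marked:
        return set()   # errors inside are reported as `name`, the top-level operator
    found = set()
    for callee in body:
        found |= surfaced(callee, procs, dangerous, seen | {name})
    return found


def audit(procs, dangerous):
    """Map each procedure that still exposes sub-operators to what it exposes."""
    report = {}
    for name in procs:
        leaked = surfaced(name, procs, dangerous)
        if leaked:
            report[name] = sorted(leaked)
    return report


def mark_as_operators(procs, names):
    """Return a copy of the table with `names` additionally marked as operators."""
    return {n: (m or n in names, body) for n, (m, body) in procs.items()}


if __name__ == "__main__":
    print(audit(PROCS, DANGEROUS))
```

Marking only the outer procedure leaves the unmarked helper it calls flagged, which is why the audit walks the bodies transitively and is rerun after each fix.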
