Date: Thu, 11 Oct 2018 10:20:17 -0700 From: Tavis Ormandy <taviso@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) On Tue, Oct 9, 2018 at 6:58 AM Tavis Ormandy <taviso@...gle.com> wrote: > > The fix is public now, here are the necessary commit: > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0 > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94 > > > A small update, one of these commits was to mark all procedures that use dangerous operators as operators themselves. The idea is that error handlers will only see the top-level operator and not any sub-operators (I know, this is getting complicated). I noticed a procedure upstream missed, .loadfontloop. Upstream have double checked if there were any others, and I did too - we think that is all of them. So this commit is necessary as well: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63 Thanks, Tavis.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.