Max Vozeler has reported a vulnerability in netpbm, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to pstopnm not using the "-dSAFER" option when calling GhostScript to convert a PostScript file into a PBM, PGM, or PNM file. This allows a malicious PostScript file to execute arbitrary commands on a vulnerable system. The vulnerability has been reported in version 10.0. Other versions may also be affected. Reproducible: Always Steps to Reproduce: 1. 2. 3. Solution: Only use pstopnm on trusted files. http://secunia.com/advisories/16184/
graphics please advise.
Created attachment 64419 [details, diff] Fix by debian Patch proposed by Debian
graphics herd, please apply Debian patch
Bumped to 10.28 and patched ebuild is in portage. This release fixes also insecure temp file in ppmtompeg.
Arches please test and mark stable.
Stable on hppa
stable on ppc64
Stable on alpha Cheers, Ferdy
ppc stable
Stable on amd64.
sparc stable
10.28 still misses hppa... x86/maintainer: please also text and mark x86 stable
x86 done
Stable on hppa again.
We must decide if we issue a GLSA on this one. The problem here is that we consider as unexpected behavior the fact that pstotext or pstopnm execute blindly the PS (potentially honoring the pipe commands to execute arbitrary stuff). A behavior that we consider "as documented" when it's for Ghostscript itself. My position is that a vast majority of users won't know that pstotext and pstopnm will execute Ghostscript in a way potentially allowing code execution, so the GLSAs are justified. That said, they probably don't know that regular PS files fed to Ghostscript also will. I would prefer -dSAFER enabled by default in Ghostscript (which should come in a next version). Let's say GS is a sufficiently low-level tool that its users know what they are doing, hence it's not really considered a vulnerability ?
I would normally vote no, but following the pstopnm issue we should probably glsa this one as well, so YES.
Stable on ia64.
Yeah pstotext sets a (bad?) precedent so I tend to vote Yes.
OK let's go then
GLSA 200508-04 arm and mips should mark stable to benefit from GLSA
Stable on mips.