Bug 208999 - app-text/ghostscript-* Stack-based buffer overflow in .seticcspace (CVE-2008-0411)
Bug#: 208999 (CVE-2008-0411)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL: http://scary.beasts.org/security/CESA-2008-001.html
Status Whiteboard: A2 [glsa]
Opened: 2008-02-05 13:58 0000

A stack-based buffer overflow in the zseticcspace() function in zicc.c will
result in arbitrary code execution.
Currently under embargo, awaiting upstream patch. The $URL is private.
Tom and Stefan, can you please create an ebuild with the patch applied and
attach it to this bug. Do not commit anything to CVS yet as long as this bug is
under embargo.
Tom and Stefan, can you please prepare an ebuild so we can test this before
Feb. 27?
Created an attachment (id=144554)
ghostscript-gnu-8.60.0-r1.ebuild.patch
I'll attach patches for maintainer and others' review. This one is for
ghostscript-gnu. Other ghostscript packages will follow as soon as I test
them...
Created an attachment (id=144561)
ghostscript-gpl-8.61-r2.ebuild.patch
And this is the patch for ghostscript-gpl. But note that during commit the patch
itself should go into ghostscript-gpl-8.61-patchset-4.tar.bz2. So this patch is
for testing purposes only.
Arch Security Liaisons, please test the attached ebuilds and report stable on
this bug.
=app-text/ghostscript-esp-8.15.4-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390
sh sparc x86"
=app-text/ghostscript-gnu-8.60.0-r2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"
=app-text/ghostscript-gpl-8.61-r3
Target keywords : "ppc64 release"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer
Oh, and thanks Peter for preparing the ebuilds and doing some QA on the
existing ones.
(In reply to comment #7)
> Arch Security Liaisons, please test the attached ebuilds and report stable on
> this bug.
There is something wrong with the keywords:
> =app-text/ghostscript-gpl-8.61-r3
> Target keywords : "ppc64 release"
Especially this one.
(In reply to comment #10)
> (In reply to comment #7)
> > Arch Security Liaisons, please test the attached ebuilds and report stable on
> > this bug.
>
> There is something wrong with the keywords:
> > =app-text/ghostscript-gpl-8.61-r3
> > Target keywords : "ppc64 release"
>
> Especially this one.
Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the
future and this bug doesn't have an attachment that patches a ghostscript-esp
ebuild.
Also odd is that patches to a few ebuilds were posted instead of the new ebuilds
themselves as is common practice.
(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #7)
> > > Arch Security Liaisons, please test the attached ebuilds and report stable on
> > > this bug.
> >
> > There is something wrong with the keywords:
> > > =app-text/ghostscript-gpl-8.61-r3
> > > Target keywords : "ppc64 release"
> >
> > Especially this one.
>
> Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the
> future and this bug doesn't have an attachment that patches a ghostscript-esp
> ebuild.
It does. See comment #5.
> Also odd is that patches to a few ebuilds were posted instead of the new ebuilds
> themselves as is common practice.
Not that bad.
(In reply to comment #10)
> There is something wrong with the keywords:
Yes, sorry. I mixed up gpl and gnu.
=app-text/ghostscript-esp-8.15.4-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390
sh sparc x86"
=app-text/ghostscript-gnu-8.60.0-r2
Target keywords : "ppc64 release"
=app-text/ghostscript-gpl-8.61-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"
Ok...-gpl and -esp fine on x86, they survived my stress test with different
things on a really huge PostScript file.
(In reply to comment #12)
> It does. See comment #5.
Ow, missed that. Sorry.
> > Also odd is that patches to a few ebuilds were posted instead of the new ebuilds
> > themselves as is common practice.
>
> Not that bad.
It's bad when you require seven people to download and apply three patches
individually - it's one more step to perform in testing each of the ebuilds.
Jeroen, I didn't know that and will do so next time. Right now I've downloaded 5
patches for shorewall* packages and believe me - patches are not so hard to use
;) Just 2-3 additional commands, but they're worth it as a patch greatly
simplifies review. If that's necessary I can attach full ebuilds now.
ghostscript-esp is good for HPPA too.
looks good on ppc64, too.
ghostscript-gpl-8.61.r2 is good on sparc; the others look good on sparc. I
also thought ghostscript-esp was either dying or dead, but it does look good.
Why are we keeping it around?
Looks good for amd64 too.
This is public now. Peter/Printing, can you commit this to the tree with the
stable keywords mentioned here. I can re-cc the missing arches.
Committed in the tree.
Target keywords left:
=app-text/ghostscript-esp-8.15.4-r1: "release, alpha, arm, ia64, m68k, mips,
s390, sh"
=app-text/ghostscript-gpl-8.61-r3: "release, alpha, arm, ia64, m68k, sh"
Seems that the only reason to keep app-text/ghostscript-esp in the tree is that
mips, s390 and sh still have not keyworded/stabilized
app-text/ghostscript-{gpl,gnu}.
alpha/ia64 stable. Robert, I think I told you to cc me on restricted bugs, I
hate you now! :P
Fixed in release snapshot.
Just a note: I committed ghostscript-gpl-8.62 to the tree a few minutes ago
which had the fix applied upstream.