Stack-based buffer overflow in the zseticcspace() function in zicc.c, will result in arbitrary code execution. Currently under embargo, awaiting upstream patch. The $URL is private.
Tom and Stefan, can you please create an ebuild with the patch applied and attach it to this bug. Do not commit anything to CVS yet as long as this bug is under embargo.
Created attachment 143467 [details, diff] ghostscript-8.60-CVE-2008-0411.diff
Tom and Stefan, can you please prepare an ebuild so we can test this before Feb. 27?
Created attachment 144554 [details, diff] ghostscript-gnu-8.60.0-r1.ebuild.patch I'll attach patch's for maintainer and others review. This one is for ghostscript-gnu. Other ghostscript packages will follow as soon as I test them...
Created attachment 144560 [details, diff] ghostscript-esp-8.15.4.ebuild.patch Patch for ghostscript-esp. Includes lot's of quotations fixes.
Created attachment 144561 [details, diff] ghostscript-gpl-8.61-r2.ebuild.patch And this is patch for ghostscript-gpl. But note during commit patch itself should go into ghostscript-gpl-8.61-patchset-4.tar.bz2. So this patch is for testing purposes only.
Arch Security Liaisons, please test the attached ebuilds and report stable on this bug. =app-text/ghostscript-esp-8.15.4-r1 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" =app-text/ghostscript-gnu-8.60.0-r2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" =app-text/ghostscript-gpl-8.61-r3 Target keywords : "ppc64 release" CC'ing current Liaisons: alpha : ferdy amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair release : pva sparc : fmccor x86 : opfer
Oh, and thanks Peter for preparing the ebuilds and doing some QA on the existing ones.
Both are good for HPPA.
(In reply to comment #7) > Arch Security Liaisons, please test the attached ebuilds and report stable on > this bug. There is something wrong with the keywords: > =app-text/ghostscript-gpl-8.61-r3 > Target keywords : "ppc64 release" Especially this one.
(In reply to comment #10) > (In reply to comment #7) > > Arch Security Liaisons, please test the attached ebuilds and report stable on > > this bug. > > There is something wrong with the keywords: > > =app-text/ghostscript-gpl-8.61-r3 > > Target keywords : "ppc64 release" > > Especially this one. Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the future and this bug doesn't have an attachment that patches a ghostscript-esp ebuild. Also odd is that patch to a few ebuilds were posted instead of the new ebuilds themselves as is common practice.
(In reply to comment #11) > (In reply to comment #10) > > (In reply to comment #7) > > > Arch Security Liaisons, please test the attached ebuilds and report stable on > > > this bug. > > > > There is something wrong with the keywords: > > > =app-text/ghostscript-gpl-8.61-r3 > > > Target keywords : "ppc64 release" > > > > Especially this one. > > Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the > future and this bug doesn't have an attachment that patches a ghostscript-esp > ebuild. It does. See comment #5. > Also odd is that patch to a few ebuilds were posted instead of the new ebuilds > themselves as is common practice. Not that bad.
(In reply to comment #10) > There is something wrong with the keywords: Yes, sorry. I mixed up gpl and gnu. =app-text/ghostscript-esp-8.15.4-r1 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" =app-text/ghostscript-gnu-8.60.0-r2 Target keywords : "ppc64 release" =app-text/ghostscript-gpl-8.61-r3 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"
Ok...-gpl and -esp fine on x86, they survived my stress test with different things on a really huge PostScript file.
(In reply to comment #12) > It does. See comment #5. Ow, missed that. Sorry. > > Also odd is that patch to a few ebuilds were posted instead of the new ebuilds > > themselves as is common practice. > > Not that bad. It's bad when you require seven people to download and apply three patches individually - it's one more step to perform in testing each of the ebuilds.
Jeroen I didn't knew that and will do next time. Right now I've downloaded 5 patches for shorewall* packages and believe me - patches are not so hard to use ;) Just 2-3 additional commands but they worth it as patch greatly simplify review. If that's necessary I can attach full ebuilds now.
ghostscript-esp is good for HPPA too.
looks good on ppc ...
looks good on ppc64, too.
ghostscript-gpl-8.61.r2 is good on sparc; the others look good on sparc. I also thought ghostscript-esp was either dying or dead, but it does look good. Why are we keeping it around?
Looks good for amd64 too.
This is public now. Peter/Printing, can you commit this to the tree with the stable keywords mentioned here. I can re-cc the missing arches.
Commited in the tree. Target keywords left: =app-text/ghostscript-esp-8.15.4-r1: "release, alpha, arm, ia64, m68k, mips, s390, sh" =app-text/ghostscript-gpl-8.61-r3: "release, alpha, arm, ia64, m68k, sh" Seems that the only reason to keep app-text/ghostscript-esp in the tree is that mips, s390 and sh still have not keyworded/stabilized app-text/ghostscript-{gpl,gnu}.
alpha/ia64 stable, Robert, i think i told you to cc me on restricted bugs, i hate you now! :P
mips is going all ~arch.
Fixed in release snapshot.
Seems ready for GLSA.
Just a note: I committed ghostscript-gpl-8.62 to the tree a few minutes ago which had the fix applied upstream.
GLSA 200803-14
