Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 635426 (CVE-2017-9610, CVE-2017-9611, CVE-2017-9612, CVE-2017-9618, CVE-2017-9619, CVE-2017-9620, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9740, CVE-2017-9835)

Summary: <app-text/ghostscript-gpl-9.25: multiple vulnerabilities (CVE-2018-{15908,15909,15910,15911,16509,16510,16511,16513,16539,16540,16541,16542,16543,16585,16802})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alexander, cJ-gentoo, printing
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
app-text/ghostscript-gpl-9.25
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 618820, 626418, 655404    

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-25 16:17:05 UTC 
CVE-2017-9835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9835):
  The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21
  allows remote attackers to cause a denial of service (heap-based buffer
  overflow and application crash) or possibly have unspecified other impact
  via a crafted PostScript document. This is related to a lack of an integer
  overflow check in base/gsalloc.c.

CVE-2017-9740 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9740):
  The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
  Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
  service (heap-based buffer over-read and application crash) or possibly have
  unspecified other impact via a crafted document.

CVE-2017-9739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9739):
  The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS
  9.21 allows remote attackers to cause a denial of service (heap-based buffer
  over-read and application crash) or possibly have unspecified other impact
  via a crafted document.

CVE-2017-9727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9727):
  The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript
  GhostXPS 9.21 allows remote attackers to cause a denial of service
  (heap-based buffer over-read and application crash) or possibly have
  unspecified other impact via a crafted document.

CVE-2017-9726 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9726):
  The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS
  9.21 allows remote attackers to cause a denial of service (heap-based buffer
  over-read and application crash) or possibly have unspecified other impact
  via a crafted document.

CVE-2017-9620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9620):
  The xps_select_font_encoding function in xps/xpsfont.c in Artifex
  Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
  service (heap-based buffer over-read and application crash) or possibly have
  unspecified other impact via a crafted document, related to the
  xps_encode_font_char_imp function.

CVE-2017-9619 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9619):
  The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex
  Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
  service (Segmentation Violation and application crash) via a crafted file.

CVE-2017-9618 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9618):
  The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
  GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer
  overflow and application crash) or possibly have unspecified other impact
  via a crafted document.

CVE-2017-9612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9612):
  The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21
  allows remote attackers to cause a denial of service (use-after-free and
  application crash) or possibly have unspecified other impact via a crafted
  document.

CVE-2017-9611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9611):
  The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS
  9.21 allows remote attackers to cause a denial of service (heap-based buffer
  over-read and application crash) or possibly have unspecified other impact
  via a crafted document.

CVE-2017-9610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9610):
  The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
  GhostXPS 9.21 allows remote attackers to cause a denial of service
  (heap-based buffer over-read and application crash) or possibly have
  unspecified other impact via a crafted document.
Comment 1 Teika kazura 2018-04-15 03:38:26 UTC 
All have been fixed:

CVE-2017-9610: https://bugs.ghostscript.com/show_bug.cgi?id=698025
CVE-2017-9611: https://bugs.ghostscript.com/show_bug.cgi?id=698024
CVE-2017-9612: https://bugs.ghostscript.com/show_bug.cgi?id=698026
CVE-2017-9618: https://bugs.ghostscript.com/show_bug.cgi?id=698044
CVE-2017-9619: https://bugs.ghostscript.com/show_bug.cgi?id=698042
CVE-2017-9620: https://bugs.ghostscript.com/show_bug.cgi?id=698050
CVE-2017-9726:
  https://security-tracker.debian.org/tracker/CVE-2017-9726
  https://bugs.ghostscript.com/show_bug.cgi?id=698055
CVE-2017-9727:
  https://security-tracker.debian.org/tracker/CVE-2017-9727
  https://bugs.ghostscript.com/show_bug.cgi?id=698056
CVE-2017-9739: https://bugs.ghostscript.com/show_bug.cgi?id=698063
CVE-2017-9740: https://bugs.ghostscript.com/show_bug.cgi?id=698064
CVE-2017-9835: https://bugs.ghostscript.com/show_bug.cgi?id=697985

Note that ghostscript-9.23 was already released in March.
  https://ghostscript.com/Ghostscript_9.23.html
I haven't checked if all the above fixes are in 9.23, but it's likely, because fixes are quite old. (Bug 634616 is the bump request to 9.22)

BTW I know everyone is busy, and many teams are understaffed. But can't we do something, say check the situation every two months or so? I don't know how serious these bugs are, but at least ghostscript is important.

Thanks in advance. Best regards.
Comment 2 Larry the Git Cow gentoo-dev 2018-09-18 23:03:41 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a6c1c294b6dfddbec77c9652cf216fafaaae835

commit 0a6c1c294b6dfddbec77c9652cf216fafaaae835
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-09-18 23:03:21 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-09-18 23:03:34 +0000

    app-text/ghostscript-gpl: Version bump, bug 635426
    
    Bug: https://bugs.gentoo.org/635426
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 app-text/ghostscript-gpl/Manifest                  |   2 +
 .../ghostscript-gpl/ghostscript-gpl-9.25.ebuild    | 206 +++++++++++++++++++++
 2 files changed, 208 insertions(+)
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2018-09-18 23:04:59 UTC 
> 
> BTW I know everyone is busy, and many teams are understaffed. But can't we
> do something, say check the situation every two months or so? I don't know
> how serious these bugs are, but at least ghostscript is important.
> 

Sorry 'bout that, but I moved to glibc maintenance because that was even more critical...
Comment 4 Teika kazura 2018-09-21 03:51:12 UTC 
(In reply to Andreas K. Hüttel from comment #3)

Wow. No one can thank you enough. 
Take care, and please don't sacrifice yourself. 

Best regards.
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2018-09-29 21:22:15 UTC 
Arches please stabilize app-text/ghostscript-gpl-9.25
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-30 21:50:47 UTC 
ia64 stable
Comment 7 Mart Raudsepp gentoo-dev 2018-09-30 22:27:42 UTC 
arm64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-01 00:10:33 UTC 
x86 stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2018-10-02 10:59:27 UTC 
Stable on alpha.
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-10-02 11:09:05 UTC 
amd64 stable
Comment 11 Rolf Eike Beer archtester 2018-10-02 18:51:18 UTC 
sparc done.
Comment 12 Matt Turner gentoo-dev 2018-10-06 16:16:11 UTC 
ppc/ppc64 stable
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-10-14 16:16:33 UTC 
s390 stable
Comment 14 Markus Meier gentoo-dev 2018-10-29 05:38:15 UTC 
arm stable
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-07 00:06:02 UTC 
hppa stable
Comment 16 Matt Turner gentoo-dev 2018-11-07 21:33:53 UTC 
All arches stable
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 19:49:25 UTC 
This issue was resolved and addressed in
 GLSA 201811-12 at https://security.gentoo.org/glsa/201811-12
by GLSA coordinator Aaron Bauman (b-man).