Summary: | <app-text/ghostscript-gpl-9.52: Multiple vulnerabilities (CVE-2020-{15900,16287,16288,16289,16290,16291,16292,16293,16294,16295,16296,16297,16298,16299,16300,16301,16302,16303,16304,16305,16306,16307,16308,16309,16310,17538}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | denis7774, pacho, printing, whissi |
Priority: | Normal | Keywords: | CC-ARCHES, STABLEREQ |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://artifex.com/security-advisories/CVE-2020-15900 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=715760 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | app-text/ghostscript-gpl-9.52-r1 |
Runtime testing required: | --- |
Description
John Helmert III
2020-07-28 20:21:49 UTC
Maintainer(s), please add the patch to our package.

*** Bug 736645 has been marked as a duplicate of this bug. ***

ping.

* CVE-2020-16287
Description: "A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701785
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6

* CVE-2020-16288
Description: "A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701791

* CVE-2020-16289
Description: "A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701788
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768

* CVE-2020-16290
Description: "A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701786

* CVE-2020-16291
Description: "A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701787

* CVE-2020-16292
Description: "A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701793
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7

* CVE-2020-16293
Description: "A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701795
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231

* CVE-2020-16294
Description: "A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701794
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358

* CVE-2020-16295
Description: "A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701796

* CVE-2020-16296
Description: "A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701792
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134

* CVE-2020-16297
Description: "A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701800
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39

* CVE-2020-16298
Description: "A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701799
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af

* CVE-2020-16299
Description: "A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701801
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece46870

* CVE-2020-16300
Description: "A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701807
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e

(In reply to Sam James from comment #6)
> * CVE-2020-16300
>
> Description:
> "A buffer overflow vulnerability in okiibm_print_page1() in
> devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote
> attacker to cause a denial of service via a crafted PDF file. This is fixed
> in v9.51."
>
> MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701807
>
> MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;
> h=714e8995cd582d418276915cbbec3c70711fb19e

Correction, the description should be:
"A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

* CVE-2020-16301
Description: "A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701808
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc

* CVE-2020-16302
Description: "A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701815
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207

* CVE-2020-16303
Description: "A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701818
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb77

* CVE-2020-16304
Description: "A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701816

* CVE-2020-16305
Description: "A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701819
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550

* CVE-2020-16306
Description: "A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701821

* CVE-2020-16307
Description: "A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51."
MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701822

* CVE-2020-16308
Description: "A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701829
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6

* CVE-2020-16309
Description: "A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701827
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10

* CVE-2020-16310
Description: "A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701828
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e

* CVE-2020-17538
Description: "A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701792
MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed06c479fa67368ab3ac212a0518b986aec90716

commit ed06c479fa67368ab3ac212a0518b986aec90716
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-08-13 10:26:11 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-08-13 10:26:20 +0000

app-text/ghostscript-gpl: bump to v9.52

Bug: https://bugs.gentoo.org/734322
Closes: https://bugs.gentoo.org/715760
Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

app-text/ghostscript-gpl/Manifest | 3 +
.../ghostscript-gpl/ghostscript-gpl-9.52.ebuild | 204 +++++++++++++++++++++
2 files changed, 207 insertions(+)

arm64 done

sparc done

amd64 done

x86 done

arm done

s390 stable

Thank you, Gentoo developers, you are doing great work!

hppa stable

ppc64 done

ppc done

all arches done

Maintainers, please clean up.

(In reply to Reva Denis from comment #17)
> Thank you, Gentoo developers, you are doing great work!

Thank you!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3adf541ebbbf276b36e35496e78fdcb29ee5c1e5

commit 3adf541ebbbf276b36e35496e78fdcb29ee5c1e5
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-08-29 22:11:49 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-08-29 22:12:27 +0000

app-text/ghostscript-gpl: drop vulnerable

Bug: https://bugs.gentoo.org/734322
Signed-off-by: Aaron Bauman <bman@gentoo.org>

app-text/ghostscript-gpl/Manifest | 2 -
.../ghostscript-gpl/ghostscript-gpl-9.50.ebuild | 202 ---------------------
2 files changed, 204 deletions(-)

This issue was resolved and addressed in GLSA 202008-20 at https://security.gentoo.org/glsa/202008-20 by GLSA coordinator Sam James (sam_c).