| Summary: | <app-text/ghostscript-gpl-10.01.1: Shell in the Ghost vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | codec, printing |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://offsec.almond.consulting/ghostscript-cve-2023-28879.html | | |
| Whiteboard: | A2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 904246 | | |
| Bug Blocks: | | | |

Description
Sam James
2023-04-13 01:05:54 UTC
>In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
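
The bounds-check mistake stated in the description above, as an added example that is not code from Ghostscript's base/sbcp.c or from this bug report: a simplified model of an escaping encoder whose space check allows one byte where two may be written, next to a checked form. The escape marker, the escaped set, all function names and the input are assumptions constructed for illustration.

```c
#include <stdio.h>
#define ESC    0x01  /* assumed escape marker for this model */
#define CAP    8     /* logical size of the write buffer */
#define CANARY 0xAA  /* guard byte just past the logical end */
typedef size_t (*encoder)(const unsigned char *, size_t, unsigned char *, size_t, size_t *);

/* Output width of one input byte; the escaped set here is illustrative. */
static size_t width(unsigned char c) { return c < 0x20 ? 2 : 1; }
/* Write c at p, escaped if required; returns the number of bytes written. */
static size_t emit(unsigned char c, unsigned char *p)
{
    if (width(c) == 2) *p++ = ESC;
    *p = (unsigned char)(width(c) == 2 ? c ^ 0x40 : c);
    return width(c);
}

/* Flawed: one free byte is treated as enough, but emit() may write two. */
size_t encode_flawed(const unsigned char *in, size_t n, unsigned char *out, size_t cap, size_t *used)
{
    size_t i = 0, o = 0;
    while (i < n && o < cap) o += emit(in[i++], out + o);
    *used = i; return o;
}

/* Checked: stop when the next byte's full width does not fit. */
size_t encode_checked(const unsigned char *in, size_t n, unsigned char *out, size_t cap, size_t *used)
{
    size_t i = 0, o = 0;
    while (i < n && cap - o >= width(in[i])) o += emit(in[i++], out + o);
    *used = i; return o;
}

/* Constructed input: CAP-1 plain bytes, then one byte that must be escaped.
 * backing[] has one spare byte so the overrun is observable; 1 = guard intact. */
int canary_intact(encoder fn, size_t *written, size_t *used)
{
    const unsigned char in[CAP] = { 'A','B','C','D','E','F','G', 0x04 };
    unsigned char backing[CAP + 1] = { 0 };
    backing[CAP] = CANARY;
    *written = fn(in, sizeof in, backing, CAP, used);
    return backing[CAP] == CANARY;
}

int main(void)
{
    size_t w, u;
    printf("flawed guard intact:  %d\n", canary_intact(encode_flawed, &w, &u));
    printf("checked guard intact: %d\n", canary_intact(encode_checked, &w, &u));
    return 0;
}
```

The checked encoder leaves the escaped byte unconsumed (`used` stops short of the input length), so the caller can flush the buffer and resume from that byte.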
GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9c38541fc770d5ef98f0327092ae33c0bab71167

commit 9c38541fc770d5ef98f0327092ae33c0bab71167
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:24:21 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:26:26 +0000

[ GLSA 202309-03 ] GPL Ghostscript: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/904245
Bug: https://bugs.gentoo.org/910294
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202309-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06aefb6bdc737876b90bc434f910484b735facf9

commit 06aefb6bdc737876b90bc434f910484b735facf9
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-09-17 05:28:29 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:28:32 +0000

app-text/ghostscript-gpl: drop 10.0.0-r5, 10.01.0

Bug: https://bugs.gentoo.org/904245
Signed-off-by: Sam James <sam@gentoo.org>

app-text/ghostscript-gpl/Manifest | 2 -
.../ghostscript-gpl-10.0.0-r5.ebuild | 194 ---------------------
.../ghostscript-gpl/ghostscript-gpl-10.01.0.ebuild | 190 --------------------
3 files changed, 386 deletions(-)