676154 – app-text/ghostscript-gpl vulnerability CVE-2019-6116

Bug 676154 - app-text/ghostscript-gpl vulnerability CVE-2019-6116

Summary: app-text/ghostscript-gpl vulnerability CVE-2019-6116

Status:	RESOLVED DUPLICATE of bug 676264

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [upstream/ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2019-01-24 09:55 UTC by Guillaume Ceccarelli
Modified:	2019-03-27 23:59 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Guillaume Ceccarelli 2019-01-24 09:55:44 UTC

Google Project Zero's Tavis Ormandy recently disclosed a vulnerability in ghostscript allowing for arbitrary code execution when manipulating postscript files.

It's notably possible to trigger the the bug through a simple imagemagick / graphicmagick "convert payload.ps anyfile.jpg" call, which can probably lead to RCE on any number of systems doing user-submitted image file conversions.

Patches are referenced in the OpenWall announcement, and they are in the official ghostscript git, so we can probably expect an official release fixing the problem at some point.

https://www.openwall.com/lists/oss-security/2019/01/23/5

Other references:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
https://bugs.ghostscript.com/show_bug.cgi?id=700317


There are six patches in total from the announcement, but two of them don't seem to apply cleanly on top of ghostscript-9.26.

Comment 1 Yury German Gentoo Infrastructure

2019-03-27 23:59:29 UTC


*** This bug has been marked as a duplicate of bug 676264 ***