Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 812509 (CVE-2021-3781) - <app-text/ghostscript-gpl-9.54.0-r1: arbitrary code execution vulnerability (CVE-2021-3781)
Summary: <app-text/ghostscript-gpl-9.54.0-r1: arbitrary code execution vulnerability (...
Status: IN_PROGRESS
Alias: CVE-2021-3781
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugs.ghostscript.com/show_bug...
Whiteboard: A2 [glsa?]
Keywords: PullRequest
Depends on: 796659
Blocks:
  Show dependency tree
 
Reported: 2021-09-11 07:03 UTC by Alexander Sergeyev
Modified: 2022-01-15 21:22 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Sergeyev 2021-09-11 07:03:38 UTC
The bug description can be found at $URL. Commit with a fix is available at [1].

[1] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20

Reproducible: Always

Steps to Reproduce:
Refer to the $URL for details.
Actual Results:  
With a specially crafted input, gs runs arbitrary shell commands.

Expected Results:  
The input should have been properly sanitized.
Comment 1 Larry the Git Cow gentoo-dev 2021-09-13 00:54:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eeb37a3981b77ed60be7975287e1a503375fa493

commit eeb37a3981b77ed60be7975287e1a503375fa493
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-09-13 00:53:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-09-13 00:54:18 +0000

    app-text/ghostscript-gpl: patch CVE-2021-3781
    
    Bug: https://bugs.gentoo.org/812509
    Signed-off-by: Sam James <sam@gentoo.org>

 .../ghostscript-gpl-9.54.0-CVE-2021-3781.patch     | 213 +++++++++++++++++++++
 .../ghostscript-gpl-9.54.0-r1.ebuild               | 191 ++++++++++++++++++
 2 files changed, 404 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-20 06:59:35 UTC
Needs cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2022-01-15 14:15:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=215fe07aa9dba7d2732a8a62836f7493927ccbbb

commit 215fe07aa9dba7d2732a8a62836f7493927ccbbb
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-15 12:37:10 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-15 14:14:59 +0000

    app-text/ghostscript-gpl: Cleanup vulnerable 9.52-r1, 9.53.3-r5, 9.54.0
    
    Bug: https://bugs.gentoo.org/812509
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-text/ghostscript-gpl/Manifest                  |   4 -
 .../files/ghostscript-gpl-9.53.3-fix-ps2epsi.patch |  16 --
 .../ghostscript-gpl-9.53.3-freetype-2.10.3.patch   |  20 ---
 .../ghostscript-gpl/ghostscript-gpl-9.52-r1.ebuild | 197 ---------------------
 .../ghostscript-gpl-9.53.3-r5.ebuild               | 196 --------------------
 .../ghostscript-gpl/ghostscript-gpl-9.54.0.ebuild  | 189 --------------------
 6 files changed, 622 deletions(-)