Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 616814 (CVE-2017-8291) - <app-text/ghostscript-gpl-9.21 : Memory corruption / type confusion
Summary: <app-text/ghostscript-gpl-9.21 : Memory corruption / type confusion
Status: RESOLVED FIXED
Alias: CVE-2017-8291
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks: CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-6196
  Show dependency tree
 
Reported: 2017-04-28 08:32 UTC by Hanno Böck
Modified: 2017-10-08 20:32 UTC (History)
2 users (show)

See Also:
Package list:
app-text/ghostscript-gpl-9.21
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2017-04-28 08:32:35 UTC 
See here:
https://bugs.ghostscript.com/show_bug.cgi?id=697799

and some more info in this duplicate bug
https://bugs.ghostscript.com/show_bug.cgi?id=697808

There seem to be no upstream fix release yet. There are rumors that this was the vulnerability used in the recent hipchat incident.

Commits to fix according to the upstream bug:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-04-28 21:07:08 UTC 
 CVE ID: CVE-2017-8291
   Summary: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
 Published: 2017-04-27T01:59:02.000Z
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2017-06-09 22:55:01 UTC 
Patched in our 9.21
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2017-06-17 13:56:35 UTC 
Please stabilize app-text/ghostscript-gpl-9.21 (all stable arches)
Comment 5 Agostino Sarubbo gentoo-dev 2017-06-17 17:26:18 UTC 
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-18 14:02:21 UTC 
amd64 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 15:02:28 UTC 
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-21 11:58:56 UTC 
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2017-06-21 12:18:09 UTC 
ppc64 stable
Comment 10 Markus Meier gentoo-dev 2017-06-23 04:38:34 UTC 
arm stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-28 20:55:04 UTC 
ia64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2017-07-07 09:08:25 UTC 
sparc stable
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2017-07-08 16:18:53 UTC 
@hppa ping.
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2017-08-02 04:02:44 UTC 
Arches or maintainers please stabilize for hppa ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2017-08-21 01:16:07 UTC 
This issue was resolved and addressed in
 GLSA 201708-06 at https://security.gentoo.org/glsa/201708-06
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 16 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-21 01:18:25 UTC 
Re-opening for remaining architecture.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev 2017-09-03 21:32:41 UTC 
Maintainer(s), please drop the vulnerable version(s).
Comment 18 Yury German Gentoo Infrastructure gentoo-dev 2017-10-02 04:38:28 UTC 
Slyfox, please stabilize or drop from stable.
This is holding up a security bug, and security cleanup.
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-03 15:09:14 UTC 
hppa stable
Comment 20 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-03 15:59:55 UTC 
Thank you all,

Maintainers please proceed to cleanup.

Gentoo Security Padawan
ChrisADR