List: oss-security
Subject: Re: [oss-security] Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From: Thomas Jarosch <thomas.jarosch () intra2net ! com>
Date: 2019-01-22 15:52:16
Message-ID: 20190122155216.4fx6xh3tlohmxe3n () storm ! m ! i2n
Hi,
You wrote on Thu, Oct 18, 2018 at 01:25:29PM +0000:
> ------- Original Message -------
> On Thursday, October 18, 2018 2:32 PM, Tavis Ormandy <taviso@google.com> wrote:
>
> > On Thu, Oct 18, 2018 at 3:51 AM Jordan Glover <Golden_Miller83@protonmail.ch> wrote:
> >
> >> Do you know if upstream is going to make new release soon or distros should take the
> >> pain and backport all of those themselves?
> >
> > AFAIK upstream only makes quarterly releases, so I think you need to backport.
> >
> > Tavis.
>
> In normal, boring times yes but 9.25 was available just 10 days after 9.24 as urgent security
> release and it seems it was still not enough.
Just a quick follow-up: Ghostscript 9.26 was released on 2018-11-20
and fixes the issue demonstrated by the exploit posted in:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
*******************************************
# gs executeonly-bypass.pdf
GPL Ghostscript 9.26 (2018-11-20)
Copyright (C) 2018 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
what do we want?
deprecate untrusted postscript!
when do we want it?
now!
Error: /undefined in .policyprocs
Operand stack:
--dict:967/1684(ro)(G)-- SAFER false --dict:0/0(L)-- --dict:0/0(L)--
--dict:967/1684(ro)(G)-- (ignored) SAFER false
Execution stack:
%interp_exit .runexec2 --nostringval-- --nostringval--
--nostringval-- 2 %stopped_push --nostringval-- --nostringval--
--nostringval-- false 1 %stopped_push 2029 1 3 %oparray_pop 2028
1 3 %oparray_pop 2009 1 3 %oparray_pop 1868 1 3
%oparray_pop --nostringval-- %errorexec_pop .runexec2 --nostringval--
--nostringval-- --nostringval-- 2 %stopped_push --nostringval--
--nostringval--
Dictionary stack:
--dict:967/1684(ro)(G)-- --dict:0/20(G)-- --dict:79/200(L)--
Current allocation mode is local
Current file position is 575
GPL Ghostscript 9.26: Unrecoverable error, exit code 1
*******************************************
The release timeline of the vendor Artifex is also quite good:
9.24: 2018-09-03
9.25: 2018-09-13
9.26: 2018-11-20
Fedora 28, for example, is still vulnerable though.
Best regards,
Thomas Jarosch
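Added example (not part of the mail above): a small Python checker that parses the Ghostscript banner line shown in the session above, or the bare output of `gs --version`, and reports whether the installed build predates the 9.26 release that the mail names as the fix. The labels "upstream-fixed", "needs-backport-check" and "unknown" are assumptions of this example; the second one exists because, as the thread notes, distributions backport fixes without bumping the version string, so a version below 9.26 only means the package needs to be checked against the distro's changelog, not that it is vulnerable.

```python
import re
import subprocess
from typing import Optional, Tuple

# Release named in the mail as fixing the issue (CVE-2018-18284 thread).
FIXED_VERSION: Tuple[int, int] = (9, 26)

# Matches the banner "GPL Ghostscript 9.26 (2018-11-20)" printed by gs.
BANNER_RE = re.compile(r"Ghostscript\s+(\d+)\.(\d+)")
# Matches the bare "9.26" printed by `gs --version`.
BARE_RE = re.compile(r"\s*(\d+)\.(\d+)")


def parse_gs_version(text: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from a banner or `gs --version` line, else None."""
    m = BANNER_RE.search(text) or BARE_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def predates_fix(version: Tuple[int, int]) -> bool:
    """True when the version is older than the upstream fix release."""
    return version < FIXED_VERSION


def classify_banner(text: str) -> str:
    """Classify a banner/version line (label names are this example's own)."""
    version = parse_gs_version(text)
    if version is None:
        return "unknown"
    # Older than 9.26: the distro may have backported the fix, so check its
    # changelog rather than assuming the package is vulnerable.
    return "needs-backport-check" if predates_fix(version) else "upstream-fixed"


def installed_gs_status(gs_binary: str = "gs") -> str:
    """Run the local gs binary and classify its reported version."""
    try:
        out = subprocess.run([gs_binary, "--version"], capture_output=True,
                             text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return "not-installed"
    return classify_banner(out.stdout)


if __name__ == "__main__":
    print(installed_gs_status())
```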