Univention Bugzilla – Bug 47832
ghostscript: Multiple issues (4.2)
Last modified: 2018-09-19 10:53:52 CEST
New Debian ghostscript 9.06~dfsg-2+deb8u8 fixes:

This update addresses the following issues:
* status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files (CVE-2018-11645)
* .tempfile file permission issues (699657) (CVE-2018-15908)
* shading_param incomplete type checking (699660) (CVE-2018-15909)
* LockDistillerParams type confusion (699656) (CVE-2018-15910)
* uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911)
* /invalidaccess bypass after failed restore (699654) (CVE-2018-16509)
* missing type check in type checker (699659) (CVE-2018-16511)
* setcolor missing type check (699655) (CVE-2018-16513)
* incorrect access checking in temp file handling to disclose contents of files (699658) (CVE-2018-16539)
* use-after-free in copydevice handling (699661) (CVE-2018-16540)
* incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)
* .definemodifiedfont memory corruption if /typecheck is handled (699668) (CVE-2018-16542)
* .setdistillerkeys PostScript command is accepted even though it is not intended for use (CVE-2018-16585)
* Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
--- mirror/ftp/4.2/unmaintained/4.2-5/source/ghostscript_9.06~dfsg-2+deb8u7.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/ghostscript_9.06~dfsg-2+deb8u8.dsc @@ -1,3 +1,12 @@ +9.06~dfsg-2+deb8u8 [Thu, 13 Sep 2018 13:07:02 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an + interpreter for the PostScript language, which could result in denial of + service, the creation of files or the execution of arbitrary code if a + malformed Postscript file is processed (despite the dSAFER sandbox being + enabled). + 9.06~dfsg-2+deb8u7 [Sun, 29 Apr 2018 11:58:34 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-5/#7982427427225363617>
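Review bot: the added 9.06~dfsg-2+deb8u8 changelog entry names no CVE identifiers or upstream bug numbers, so the .dsc diff on its own does not show which of the issues listed in this bug the upload actually covers; the entry should list the CVE IDs it fixes so the package changelog can be checked against the erratum. In the same added lines, "vulnerabilites" should read "vulnerabilities", "Postscript file" should use the same "PostScript" spelling as two lines earlier, and "dSAFER" should be written "-dSAFER", the way the option is spelled.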
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] ac1a583eb4 Bug #47832: ghostscript 9.06~dfsg-2+deb8u8
 doc/errata/staging/ghostscript.yaml | 95 +++++--------------------------------
 1 file changed, 11 insertions(+), 84 deletions(-)

[4.2-5] e1e20d8e04 Bug #47832: ghostscript 9.06~dfsg-2+deb8u8
 doc/errata/staging/ghostscript.yaml | 116 ++++++++++++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)
<http://errata.software-univention.de/ucs/4.2/517.html>