ghostscript: CVE-2016-8602

Debian Bug report logs - #840451
ghostscript: CVE-2016-8602

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: ghostscript: CVE-2016-8602

Date: Tue, 11 Oct 2016 19:17:13 +0200

Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697203

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-8602[0]:
another type confusion bug

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8602
[1] http://bugs.ghostscript.com/show_bug.cgi?id=697203
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78

Regards,
Salvatore

Message #10 received at 840451-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 840451-close@bugs.debian.org

Subject: Bug#840451: fixed in ghostscript 9.06~dfsg-2+deb8u3

Date: Wed, 12 Oct 2016 22:17:31 +0000

Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u3

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840451@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Oct 2016 19:35:21 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 840451
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.06~dfsg-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)
Checksums-Sha1: 
 41bdb26bd1ea14b0b6b6eb9a2a1daf95d17eb7f5 3015 ghostscript_9.06~dfsg-2+deb8u3.dsc
 0c83b15b2a487fc61758aa04e3a3c227ccb4ee96 96812 ghostscript_9.06~dfsg-2+deb8u3.debian.tar.xz
 a5a21d01334ea485c09769352e11c107f70f6b7c 5067396 ghostscript-doc_9.06~dfsg-2+deb8u3_all.deb
 ba384549b40d0077df6f5c3892047c9682674928 1979586 libgs9-common_9.06~dfsg-2+deb8u3_all.deb
Checksums-Sha256: 
 a689038dd7f76cc88b0a42f944ceab129d5ae63cbd712f1ef33fc74a52780dfe 3015 ghostscript_9.06~dfsg-2+deb8u3.dsc
 2c5b8347f50d1773f537e4281e54165c9a35068523dcbc576be78ec9d2af8251 96812 ghostscript_9.06~dfsg-2+deb8u3.debian.tar.xz
 6b6998308aa0a5e2b8caa49063b7f868f62c4a1fcda59aaaf7ea934abd343b83 5067396 ghostscript-doc_9.06~dfsg-2+deb8u3_all.deb
 6bd3d78f5da9d83994005d0a4beae988673fa0dee07ea258162901f1e71e4f59 1979586 libgs9-common_9.06~dfsg-2+deb8u3_all.deb
Files: 
 0012de5bc99ea883002a08c514cfd53b 3015 text optional ghostscript_9.06~dfsg-2+deb8u3.dsc
 681e01f662f954ac3986723b74c7e8ab 96812 text optional ghostscript_9.06~dfsg-2+deb8u3.debian.tar.xz
 e29c10ae368ce10dabcea7d309ec2d97 5067396 doc optional ghostscript-doc_9.06~dfsg-2+deb8u3_all.deb
 5e8488216658c659d9c365f61847dc37 1979586 libs optional libgs9-common_9.06~dfsg-2+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQKPBAEBCgB5BQJX/STyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRE5+
D/4zuMqHhei4rCvgdU0+o5ntmsu6WLtikLcxXEGQJB+HffhCJLu2KbE+GbaRO3r3
MrCo6BMMoBPluXKm/fw05XpPzBFPBV5X7lqB4pkp+9xjH9dtqOJbhCp2BZpz4pgI
MfLhx1CBeMwler+DZfTNXV3VAYXp4GLSuRDygJhWgeeQs7YseLRuG6vXn38FmdK0
LbC1rm+z4Bmo6SX4YSpzD0c53pDP3NebEzPcNsNHUyX/LTpGi8TkfvWkam2XfUwh
oxyqHmBTGT/8lh4YK6lzAz7PFUu3xAToL0eb1gxs0NXRk2HsJ8kGXvYc2E5GS3eC
HEJhuVixdGhOS/HyFncLygTlhNzmhnWiWKM/O1ngM94Qdd7/heuerFP64V/v0hEu
FS0fn2oKD0elW4USQZTBJ0+yX/oxmcmiZ9PFKTQX7PIudicOmbP0tZ63xfPNLRvJ
FM0btLGNrDoUtInr5WQ0SdqN8t0rYeze5vu8MJzPlYyYRkg00yRqsxpvsNhLBs9X
WW7ArLUkzzlafCuRP27JPXRmXxj+U5E4u7zf+HceP7oHB5MFj970cCBouTyGsbFE
Knrx+d+QIHDHhTfMi3AFp6rrzsYxWRGzzSgIUws6vYAwIBbU8ZFoztLMHVQ2wya9
u2aUS1W+Oh98YHLm7KnS84Ji2zSWsQc+ijyQqt0vU8WgMw==
=YO8e
-----END PGP SIGNATURE-----

Message #15 received at 840451@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 839118@bugs.debian.org, 839260@bugs.debian.org, 839841@bugs.debian.org, 839845@bugs.debian.org, 839846@bugs.debian.org, 840451@bugs.debian.org

Subject: ghostscript: diff for NMU version 9.19~dfsg-3.1

Date: Sun, 16 Oct 2016 20:56:38 +0200

[Message part 1 (text/plain, inline)]

Control: tags 839118 + patch
Control: tags 839260 + patch
Control: tags 839841 + patch
Control: tags 839845 + patch

Dear maintainer,

I've prepared now an NMU debdiff for ghostscript as well for the
version in unstable. Due to further investigation needed for #840691
I'm not yet uploading.

After updating ghostscript the same problems seem visible in unstable
for evince and zathura, and I'm not yet sure that the patches just
uncovered a bug in libspectre. Help in debugging this would be
welcome.

Regards,
Salvatore

[ghostscript-9.19~dfsg-3.1-nmu.diff (text/x-diff, attachment)]

Message #20 received at 840451-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 840451-close@bugs.debian.org

Subject: Bug#840451: fixed in ghostscript 9.19~dfsg-3.1

Date: Fri, 28 Oct 2016 18:20:44 +0000

Source: ghostscript
Source-Version: 9.19~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840451@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 13:25:52 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.19~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 839118 839260 839841 839845 839846 840451
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.19~dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2013-5653: Information disclosure through getenv, filenameforall
     (Closes: #839118)
   * CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
     shell command execution (Closes: #839260)
   * CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
     remote file disclosure (Closes: #839841)
   * CVE-2016-7978: reference leak in .setdevice allows use-after-free and
     remote code execution (Closes: #839845)
   * CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
     execution (Closes: #839846)
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)
   * Add 840691-Fix-.locksafe.patch patch.
     Fixes regression seen with zathura and evince. Fix .locksafe. We need to
     .forceput the defintion of getenv into systemdict.
     Thanks to Edgar Fuß <ef@math.uni-bonn.de>
Checksums-Sha1: 
 73e9eb76a5189dc9a1bd57752b26f4edae837946 2997 ghostscript_9.19~dfsg-3.1.dsc
 d969bd2cc53abe7352922c1853c47e7ccb0d8eeb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
 285f6d7b5828229ebfd9ba92d92168fabc90331a 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
 20aa04760215363e21fdffde03a4f23f7ce2111b 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Checksums-Sha256: 
 d0c44fabebe04b6d2797d61df9940c1ac5897ff47d0dd3882e6eaa603fdd6642 2997 ghostscript_9.19~dfsg-3.1.dsc
 0e22f98aed5e9b705a241acd401303c57467b686363912bf6c85422c587e90bb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
 5526424d99b60b40665177bb93927f5620aaddb458e2624922d56b49670c8a10 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
 55ad19603838e06a2fd2d5b69ffd2bdb9d4899f8714c5b050ee94f760e710c6f 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Files: 
 679cdcc87ac7a4382519dcfeace22a46 2997 text optional ghostscript_9.19~dfsg-3.1.dsc
 8668693afcef4280199b80fd08e1a754 106324 text optional ghostscript_9.19~dfsg-3.1.debian.tar.xz
 439b9da68e9e157294b64d472f99cc5e 5568784 doc optional ghostscript-doc_9.19~dfsg-3.1_all.deb
 6aa26679d65514fccb63fb82e3343d0b 3030750 libs optional libgs9-common_9.19~dfsg-3.1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKPBAEBCgB5BQJYE4tXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRMoI
D/94fxNlivh403wFVls0NLyAAkeiSbPP1DzirV+q/3aXk1lUvzhHsrxT+co65rn1
2zIymw5kvElanQiwI+REmlOF+mkxRv0yLYopGKHjvDST/W/Kx5KIrl68yyqVe8fO
WDdSW2mRg5otCQyuSd+Pa96jpFZEWsyEE1zblS/jhZw8RzkJpSCHnmGUXFDLKV0i
+m59qliO8TsaldVJ1f8f8Ts5mfs5J9UzU2p4Z0jXBkVVhOejvqBcJjhYsUydV/mL
SSzvpUBgkqd29af0n53YvOssgt3XhXXwx55L2EI+1/lhMR4XGXfWGLq3cnJGxAhl
2Vavbn+GSg6g8u8uHeUe4L5BCzhqcUtBKyGNLxbTv4+4sv+2C1tzS8XavvBokI+D
E4sc4l1UePIkWWI9AaFSq7pc9hOF+gjFI2JqBAvGd2sc8Cg+qRznxLRwrmsGet5g
XcKVHv91uqoYcYpN8y/kmI/IzmZ1khjvtYatjLGK56eUBNAjXrjrJ4aMYwaVZrKV
FCtueleGbjpwJyeFl8QRq/4vhTPPP6vYWYmb07hf+hBVoYicoQR78qnJiF99nXjm
uO+UfW4Zc07pIHl+qVbmUMC28pWYsJ2qlQ+GJDluBPQMTR2k/jLs6XbuQ1diZIw2
YeZPkNB9dfrqPIFGAllZWwFuk3ISFhUele7pMMX3v8mfDA==
=ykAE
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.