Bugzilla – Bug 1004237
VUL-0: CVE-2016-8602: ghostscript, ghostscript-library: Insufficient parameter check in .sethalftone5
Last modified: 2017-07-27 14:40:09 UTC
CVE-2016-8602: Tavis Ormandy Here is a different type confusion bug, originally I thought it was just a NULL dereference, but after seeing the patch it does look exploitable. id: http://bugs.ghostscript.com/show_bug.cgi?id=697203 patch: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 repro: clear 16#41414141 .sethalftone5 References: https://bugzilla.redhat.com/show_bug.cgi?id=1383940 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8602 http://seclists.org/oss-sec/2016/q4/98
bugbot adjusting priority
Submitted to "Printing" => openSUSE:Factory => Tumbleweed: ---------------------------------------------------------------------------- $ osc request accept -m 'Ghostscript security update that fixes (CVE-2013-5653 is already fixed in the 9.20 sources) CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 (all bsc#1001951) and CVE-2016-8602 (bsc#1004237)' 435738 Result of change request state: ok openSUSE:Factory Forward this submit to it? ([y]/n)y There are already the following submit request: 346383, 429441. Supersede the old requests? (y/n/c) y Ghostscript security update that fixes (CVE-2013-5653 is already fixed in the 9.20 sources) CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 (all bsc#1001951) and CVE-2016-8602 (bsc#1004237) (forwarded request 435738 from jsmeix) New request # 435739 ----------------------------------------------------------------------------
This is an autogenerated message for OBS integration: This bug (1004237) was mentioned in https://build.opensuse.org/request/show/435739 Factory / ghostscript
How to reproduce on plain command line (without need for X) (here on an openSUSE 13.2 system): --------------------------------------------------------------------- # gs -sDEVICE=nullpage GPL Ghostscript 9.15 (2014-09-22) Copyright (C) 2014 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. GS>clear .sethalftone5 Segmentation fault --------------------------------------------------------------------- (-sDEVICE=nullpage avoids the default DEVICE x11alpha that needs X).
Fixed for openSUSE 13.2: ----------------------------------------------------------------------------- $ osc branch -M openSUSE:13.2 ghostscript ... $ osc mr -m 'Ghostscript security update that fixes CVE-2013-5653 CVE-2016-7978 CVE-2016-7979 (all bsc#1001951) and CVE-2016-8602 (bsc#1004237)' home:jsmeix:branches:openSUSE:13.2:Update ghostscript.openSUSE_13.2_Update openSUSE:13.2:Update Using target project 'openSUSE:Maintenance' 436173 -----------------------------------------------------------------------------
This is an autogenerated message for OBS integration: This bug (1004237) was mentioned in https://build.opensuse.org/request/show/436173 13.2 / ghostscript
According to https://bugzilla.suse.com/show_bug.cgi?id=1001951#c62 the issue is now fixed for all maintaines SLE and openSUSE products.
Reopening for further processing by the security team.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-11-09. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63157
openSUSE-SU-2016:2648-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1001951,1004237 CVE References: CVE-2013-5653,CVE-2016-7978,CVE-2016-7979,CVE-2016-8602 Sources used: openSUSE 13.2 (src): ghostscript-9.15-6.1, ghostscript-mini-9.15-6.1
SUSE-SU-2016:2654-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1004237 CVE References: CVE-2016-8602 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): ghostscript-9.15-14.1 SUSE Linux Enterprise Server 12-SP1 (src): ghostscript-9.15-14.1 SUSE Linux Enterprise Desktop 12-SP1 (src): ghostscript-9.15-14.1
This is an autogenerated message for OBS integration: This bug (1004237) was mentioned in https://build.opensuse.org/request/show/438117 42.1 / ghostscript
openSUSE-SU-2016:2710-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1004237 CVE References: CVE-2016-8602 Sources used: openSUSE Leap 42.1 (src): ghostscript-9.15-11.1, ghostscript-mini-9.15-11.1
SUSE-SU-2016:2723-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1004237 CVE References: CVE-2016-8602 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ghostscript-library-8.62-32.41.1 SUSE Linux Enterprise Server 11-SP4 (src): ghostscript-library-8.62-32.41.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ghostscript-library-8.62-32.41.1
released