]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 84c6385) | patch
ghostscript: Fix CVE-2019-6116
authorOvidiu Panait <ovidiu.panait@windriver.com>
Thu, 21 Feb 2019 09:30:57 +0000 (11:30 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 25 Feb 2019 22:25:03 +0000 (22:25 +0000)
commitaf397d31e467d6af00ef835537221bc211d94ca6
tree7c93b8b6d28f40b69a0fa37796f106c68958e946tree | snapshot
parent84c63858be47d33e49140181d73c253886d5aec5commit | diff
ghostscript: Fix CVE-2019-6116

It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.

Reference:
https://www.openwall.com/lists/oss-security/2019/01/23/5

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a3c4fc169e7c6c1e83874a6bf63a6fb42b

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.26.bb diff | blob | history
Mirror of the official openembedded-core repository