code.ossystems Code Review - openembedded-core.git/commit

ghostscript: Fix 3 CVEs

It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.

It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.

It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6116
https://www.openwall.com/lists/oss-security/2019/01/23/5
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	Ovidiu Panait <ovidiu.panait@windriver.com>
	Fri, 5 Apr 2019 14:56:31 +0000 (17:56 +0300)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 9 Apr 2019 12:44:32 +0000 (13:44 +0100)
commit	12e140dfdac8456772223c816e37bd869419bb18
tree	a12c4278b518f852bd71719e64b9dbe05f34cbb7	tree \| snapshot
parent	25edd39d752876a2894ddbbe396c3b037519f9f1	commit \| diff

meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch	[new file with mode: 0644]	blob
meta/recipes-extended/ghostscript/ghostscript_9.26.bb		diff \| blob \| history