[3.9] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911) (#9382) · Issues · alpine / aports

[3.9] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)

CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript
through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted PDF document.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879

CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15908

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3

CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15909

Patches:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6

CVE-2018-15910: In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15910

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880

CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or potentially execute code.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-15911

Patch:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f

(from redmine: issue id 9382, created on 2018-09-04, closed on 2018-09-20)

Relations:
- parent #9381 (closed)
Changesets:
- Revision c1375861 by Andy Postnikov on 2018-09-10T17:18:55Z:

main/ghostscript: security upgrade to 9.24

CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194

fixes #9382

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information