diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-02 20:30:22 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-04-03 08:59:45 +0200 |
| commit | caa5f28b83340fe23012ab27244a288449b26b26 (patch) | |
| tree | 70102860b8f3df20347f25125b7ea065340cd1d5 /source/ap/ghostscript/ghostscript-cve-2019-3838.patch | |
| parent | df86158dc598141c63689a86c2f247053e616719 (diff) | |
| download | current-20190402203022.tar.gz current-20190402203022.tar.xz | |
Tue Apr 2 20:30:22 UTC 201920190402203022
a/hwdata-0.322-noarch-1.txz: Upgraded.
a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
a/shadow-4.6-x86_64-2.txz: Rebuilt.
adduser: reprompt on invalid user input. Thanks to ttk.
ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
Fixes security issues:
A specially crafted PostScript file could have access to the file system
outside of the constrains imposed by -dSAFER.
Transient procedures can allow access to system operators, leading to
remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
(* Security fix *)
d/vala-0.44.2-x86_64-1.txz: Upgraded.
l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
n/wget-1.20.2-x86_64-1.txz: Upgraded.
Fixed an unspecified buffer overflow vulnerability.
(* Security fix *)
Diffstat (limited to 'source/ap/ghostscript/ghostscript-cve-2019-3838.patch')
| -rw-r--r-- | source/ap/ghostscript/ghostscript-cve-2019-3838.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3838.patch b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch new file mode 100644 index 000000000..0ba1e876b --- /dev/null +++ b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch @@ -0,0 +1,56 @@ +From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 20 Feb 2019 09:54:28 +0000 +Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in + DefineResource). + +This prevents access to .forceput + +Solution originally suggested by cbuissar@redhat.com. +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index d9b3459..b646329 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -425,7 +425,7 @@ status { + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only + } executeonly if +- } ++ } executeonly + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put + } +-- +2.20.1 + + +From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 22 Feb 2019 12:28:23 +0000 +Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs + executeonly'ed. + +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index b646329..8c1f29f 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -437,7 +437,7 @@ status { + % Now make the resource value read-only. + 0 2 copy get { readonly } .internalstopped pop + dup 4 1 roll put exch pop exch pop +- } ++ } executeonly + { /defineresource cvx /typecheck signaloperror + } + ifelse +-- +2.20.1 + |