Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2023-07-27 16:50:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new.32662 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript" Thu Jul 27 16:50:03 2023 rev:60 rq:1100803 version:9.56.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-07-05 15:30:29.242540434 +0200 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.32662/ghostscript.changes 2023-07-27 16:50:19.369649622 +0200 @@ -1,0 +2,12 @@ +Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner <jsm...@suse.com> + +- CVE-2023-38559.patch fixes CVE-2023-38559 + "out of bounds read devn_pcx_write_rle() could result in DoS" + see bsc#1213637 + and https://bugs.ghostscript.com/show_bug.cgi?id=706897 + which is in base/gdevdevn.c the same issue + "ordering in if expression to avoid out-of-bounds access" + as the already fixed CVE-2020-16305 in devices/gdevpcx.c + see https://bugs.ghostscript.com/show_bug.cgi?id=701819 + +------------------------------------------------------------------- New: ---- CVE-2023-38559.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript.spec ++++++ --- /var/tmp/diff_new_pack.Q85EXs/_old 2023-07-27 16:50:20.385655363 +0200 +++ /var/tmp/diff_new_pack.Q85EXs/_new 2023-07-27 16:50:20.393655408 +0200 @@ -65,6 +65,17 @@ # and https://bugzilla.suse.com/show_bug.cgi?id=1212711 # "permission validation mishandling for pipe devices (with the %pipe% prefix or the | pipe character prefix)" Patch103: CVE-2023-36664.patch +# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 +# that fixes CVE-2023-38559 +# "out of bounds read devn_pcx_write_rle() could result in DoS" +# see https://bugzilla.suse.com/show_bug.cgi?id=1213637 +# and https://bugs.ghostscript.com/show_bug.cgi?id=706897 +# which is in base/gdevdevn.c the same issue +# "ordering in if expression to avoid out-of-bounds access" +# as the already fixed CVE-2020-16305 in devices/gdevpcx.c +# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 +Patch104: CVE-2023-38559.patch BuildRequires: freetype2-devel BuildRequires: libjpeg-devel BuildRequires: liblcms2-devel @@ -281,6 +292,17 @@ # and https://bugzilla.suse.com/show_bug.cgi?id=1212711 # "permission validation mishandling for pipe devices (with the %pipe% prefix or the | pipe character prefix)" %patch103 +# Patch104 CVE-2023-38559.patch is for Ghostscript-9.56.1 from +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 +# that fixes CVE-2023-38559 +# "out of bounds read devn_pcx_write_rle() could result in DoS" +# see https://bugzilla.suse.com/show_bug.cgi?id=1213637 +# and https://bugs.ghostscript.com/show_bug.cgi?id=706897 +# which is in base/gdevdevn.c the same issue +# "ordering in if expression to avoid out-of-bounds access" +# as the already fixed CVE-2020-16305 in devices/gdevpcx.c +# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 +%patch104 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++++++ CVE-2023-38559.patch ++++++ --- base/gdevdevn.c.orig 2022-04-04 15:48:49.000000000 +0200 +++ base/gdevdevn.c 2023-07-26 11:31:03.873226054 +0200 @@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, co byte data = *from; from += step; - if (data != *from || from == end) { + if (from >= end || data != *from) { if (data >= 0xc0) gp_fputc(0xc1, file); } else {
