Bug#859696: ghostscript: CVE-2017-5951
Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548 Hi, the following vulnerability was published for ghostscript. CVE-2017-5951[0]: | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. As per 2017-04-06 there is no upstrream fix yet for this issue. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#859694: ghostscript: CVE-2016-10220
Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for ghostscript. CVE-2016-10220[0]: | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file that is mishandled in the PDF Transparency module. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10220 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697450 [2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Re: Wheezy update of ghostscript?
Hi Chris, Quoting Chris Lamb (2017-04-05 22:57:19) > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of ghostscript: > https://security-tracker.debian.org/tracker/source-package/ghostscript > > Would you like to take care of this yourself? I have no plans to maintin Ghostscript for the LTS derivative of Debian. Please do go ahead with that, and thanks for the nicely laid out options. Feel free to ask if there's anything in the packaging you find peculiar - I've tried my best to keep the package easy backportable - by my use of CDBS is not considered "easy" by all, so - feel free to ask :-) - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Wheezy update of ghostscript?
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of ghostscript: https://security-tracker.debian.org/tracker/source-package/ghostscript Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-...@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of ghostscript updates for the LTS releases. Thank you very much. Chris Lamb, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#859666: ghostscript: CVE-2016-10219
Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: security patch upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453 Hi, the following vulnerability was published for ghostscript. CVE-2016-10219[0]: | The intersect function in base/gxfill.c in Artifex Software, Inc. | Ghostscript 9.20 allows remote attackers to cause a denial of service | (divide-by-zero error and application crash) via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697453 [2] http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#859662: ghostscript: CVE-2016-10217
Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697456 Hi, the following vulnerability was published for ghostscript. CVE-2016-10217[0]: | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. | Ghostscript 9.20 allows remote attackers to cause a denial of service | (use-after-free and application crash) via a crafted file that is | mishandled in the color management module. To verify with an ASAN build of ghostscript: cut-cut-cut-cut-cut-cut- # LD_LIBRARY_PATH=./sobin ./debian/tmp/usr/bin/gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER /root/gs_uaf_pdf14_cleanup_parent_color_profiles -c quit GPL Ghostscript 9.20 (2016-09-26) Copyright (C) 2016 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. = ==4082==ERROR: AddressSanitizer: heap-use-after-free on address 0x62a00053b840 at pc 0x7f9c09ebff67 bp 0x7ffe337bb2a0 sp 0x7ffe337bb298 READ of size 8 at 0x62a00053b840 thread T0 #0 0x7f9c09ebff66 in pdf14_cleanup_parent_color_profiles base/gdevp14.c:2016 #1 0x7f9c09eefcef in pdf14_device_finalize base/gdevp14.c:8293 #2 0x7f9c0a7fd262 in restore_finalize psi/isave.c:952 #3 0x7f9c0a7fc066 in alloc_restore_step_in psi/isave.c:759 #4 0x7f9c0a7fcbfb in alloc_restore_all psi/isave.c:886 #5 0x7f9c0a700455 in gs_main_finit psi/imain.c:978 #6 0x7f9c0a700a74 in gs_to_exit_with_code psi/imain.c:1013 #7 0x7f9c0a700a9b in gs_to_exit psi/imain.c:1018 #8 0x7f9c0a70b97b in gsapi_exit psi/iapi.c:561 #9 0x557197880114 in main psi/dxmainc.c:90 #10 0x7f9c0976b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #11 0x55719787fd29 in _start (/root/ghostscript-9.20~dfsg/debian/tmp/usr/bin/gs+0xd29) 0x62a00053b840 is located 5696 bytes inside of 20048-byte region [0x62a00053a200,0x62a00053f050) freed by thread T0 here: #0 0x7f9c0b8b7a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10) #1 0x7f9c0a4c960f in gs_heap_free_object base/gsmalloc.c:348 #2 0x7f9c0a46655d in alloc_free_clump base/gsalloc.c:2593 #3 0x7f9c0a45f7d1 in free_all_not_allocator base/gsalloc.c:1000 #4 0x7f9c0a45cf20 in clump_splay_app base/gsalloc.c:602 #5 0x7f9c0a45fa30 in i_free_all base/gsalloc.c:1036 #6 0x7f9c0a7fd475 in restore_free psi/isave.c:989 #7 0x7f9c0a7fc7b8 in restore_space psi/isave.c:847 #8 0x7f9c0a7fc220 in alloc_restore_step_in psi/isave.c:784 #9 0x7f9c0a7fcbfb in alloc_restore_all psi/isave.c:886 #10 0x7f9c0a700455 in gs_main_finit psi/imain.c:978 #11 0x7f9c0a700a74 in gs_to_exit_with_code psi/imain.c:1013 #12 0x7f9c0a700a9b in gs_to_exit psi/imain.c:1018 #13 0x7f9c0a70b97b in gsapi_exit psi/iapi.c:561 #14 0x557197880114 in main psi/dxmainc.c:90 #15 0x7f9c0976b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) previously allocated by thread T0 here: #0 0x7f9c0b8b7d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28) #1 0x7f9c0a4c8aac in gs_heap_alloc_bytes base/gsmalloc.c:183 #2 0x7f9c0a46560b in alloc_acquire_clump base/gsalloc.c:2430 #3 0x7f9c0a4651c0 in alloc_add_clump base/gsalloc.c:2379 #4 0x7f9c0a4635d3 in alloc_obj base/gsalloc.c:1991 #5 0x7f9c0a46097c in i_alloc_struct base/gsalloc.c:1229 #6 0x7f9c0a7dbb9c in gs_istate_alloc psi/zgstate.c:590 #7 0x7f9c0a4ea417 in gstate_clone base/gsstate.c:1008 #8 0x7f9c0a4e6eaf in gs_gsave base/gsstate.c:325 #9 0x7f9c0a4e712a in gs_gsave_for_save base/gsstate.c:370 #10 0x7f9c0a7879a0 in zsave psi/zvmem.c:84 #11 0x7f9c0a6f3b8a in z2save psi/zdevice2.c:219 #12 0x7f9c0a721f63 in interp psi/interp.c:1310 #13 0x7f9c0a71d2eb in gs_call_interp psi/interp.c:511 #14 0x7f9c0a71cc52 in gs_interpret psi/interp.c:468 #15 0x7f9c0a6fb8d2 in gs_main_interpret psi/imain.c:245 #16 0x7f9c0a6fe323 in gs_main_run_string_end psi/imain.c:663 #17 0x7f9c0a6fdf6a in gs_main_run_string_with_length psi/imain.c:621 #18 0x7f9c0a6fdedc in gs_main_run_string psi/imain.c:603 #19 0x7f9c0a705d7c in run_string psi/imainarg.c:977 #20 0x7f9c0a705b87 in runarg psi/imainarg.c:967 #21 0x7f9c0a705539 in argproc psi/imainarg.c:900 #22 0x7f9c0a701d22 in gs_main_init_with_args psi/imainarg.c:238 #23 0x7f9c0a70b18e in gsapi_init_with_args psi/iapi.c:353 #24 0x5571978800d4 in main psi/dxmainc.c:86 #25 0x7f9c0976b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free base/gdevp14.c:2016 in pdf14_cleanup_parent_color_profiles Shadow bytes around the buggy address: 0x0c548009f6b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c548009f6c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c548009f6d0: fd fd fd fd fd fd fd fd f
Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer
tags 859621 moreinfo thanks Hello Olivier. Thank you for your report. On Wed 05 Apr 2017 at 12:13:56 +0200, Olivier Aubert wrote: > I own a Brother MFC7420 printer (which requires proprietary drivers that use > gutenprint). > It has been working correctly with printer-driver-gutenprint 5.2.10. Since > the upgrade to > 5.2.11-1+b1 (and idem with 5.2.11-1+b2), the printer stopped working, with > the following > message in /var/log/cups/error.log: > > [cups-deviced] PID 27449 (gutenprint52+usb) stopped with status 1! > > Similar issues can be found in Ubuntu [1] and ArchLinux [2]. > > I solved it for the moment by downgrading printer-driver-gutenprint to 5.2.10 > > [1] > https://ubuntu-mate.community/t/printer-pauses-randomly-after-upgrade-to-16-04/5653 > [2] https://bbs.archlinux.org/viewtopic.php?id=208475 Intriguing. The MFC7420 is not supported by Gutenprint! Where do the Brother drivers enter the picture? Regards, Brian.
Processed: Re: Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer
Processing commands for cont...@bugs.debian.org: > tags 859621 moreinfo Bug #859621 [printer-driver-gutenprint] printer-driver-gutenprint: Regression in 5.2.11 for Brother printer Added tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 859621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859621 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#859621: printer-driver-gutenprint: Regression in 5.2.11 for Brother printer
Package: printer-driver-gutenprint Version: 5.2.11-1+b2 Severity: important Dear Maintainer, I own a Brother MFC7420 printer (which requires proprietary drivers that use gutenprint). It has been working correctly with printer-driver-gutenprint 5.2.10. Since the upgrade to 5.2.11-1+b1 (and idem with 5.2.11-1+b2), the printer stopped working, with the following message in /var/log/cups/error.log: [cups-deviced] PID 27449 (gutenprint52+usb) stopped with status 1! Similar issues can be found in Ubuntu [1] and ArchLinux [2]. I solved it for the moment by downgrading printer-driver-gutenprint to 5.2.10 [1] https://ubuntu-mate.community/t/printer-pauses-randomly-after-upgrade-to-16-04/5653 [2] https://bbs.archlinux.org/viewtopic.php?id=208475 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages printer-driver-gutenprint depends on: ii cups 2.2.1-8 ii cups-client 2.2.1-8 ii cups-filters [ghostscript-cups] 1.11.6-3 ii libc62.24-9 ii libcups2 2.2.1-8 ii libcupsimage22.2.1-8 pn libgutenprint2 ii libusb-1.0-0 2:1.0.21-1 printer-driver-gutenprint recommends no packages. Versions of packages printer-driver-gutenprint suggests: pn gutenprint-doc pn gutenprint-locales -- no debconf information
