Message-Id: <20161005180433.E7BC8B2E063@smtpvbsrv1.mitre.org>
Date: Wed, 5 Oct 2016 14:04:33 -0400 (EDT)
From: cve-assign@...re.org
To: taviso@...gle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems

>> using libgs ... the same issues apply there.

> bug: various userparams allow %pipe% in paths, allowing remote shell
> command execution.
> id: http://bugs.ghostscript.com/show_bug.cgi?id=697178
> repro: http://www.openwall.com/lists/oss-security/2016/09/30/8
> patch: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;h=71ac87493b1e445d6c07554d4246cf7d4f44875c

Use CVE-2016-7976. There currently isn't a separate CVE ID for the
earlier impact that occurred when "b" was in the mode argument to
popen. The question of whether popen will execute anyway (even with
the 'b' character) is, more or less, a reachability concern in this
context, and doesn't mean that a second vulnerability needs to be
defined.

> bug: .libfile doesn't check PermitFileReading array, allowing remote
> file disclosure.
> id: http://bugs.ghostscript.com/show_bug.cgi?id=697169
> repro: http://www.openwall.com/lists/oss-security/2016/09/29/28
> patch: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;h=cf046d2f0fa2c6973c6ca8d582a9b185cc4bd280

Use CVE-2016-7977.

> bug: reference leak in .setdevice allows use-after-free and remote
> code execution
> id: http://bugs.ghostscript.com/show_bug.cgi?id=697179
> repro: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
> patch: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;h=d5ad1e0298e1c193087c824eb4f79628b182e28b

Use CVE-2016-7978.

> bug: type confusion in .initialize_dsc_parser allows remote code execution
> id: http://bugs.ghostscript.com/show_bug.cgi?id=697190
> repro: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
> patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913

Use CVE-2016-7979.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]