Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJ_zFk+yw7HcUtqg8cUTqwTx3F0F8atYY95=RCzkBz-zKwK0JQ@mail.gmail.com>
Date: Thu, 11 Oct 2018 10:20:17 -0700
From: Tavis Ormandy <taviso@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

On Tue, Oct 9, 2018 at 6:58 AM Tavis Ormandy <taviso@...gle.com> wrote:

>
> The fix is public now, here are the necessary commit:
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94
>
>
>
A small update, one of these commits was to mark all procedures that use
dangerous operators as operators themselves. The idea is that error
handlers will only see the top-level operator and not any sub-operators (I
know, this is getting complicated).

I noticed a procedure upstream missed, .loadfontloop. Upstream have double
checked if there were any others, and I did too - we think that is all of
them.

So this commit is necessary as well:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63

Thanks, Tavis.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.