| Summary: | ghostscript new security issues CVE-2019-1481[1237] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | geiger.david68210, marja11, nicolas.salguero, smelror, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6TOO MGA7-64-OK MGA6-64-OK | ||
| Source RPM: | ghostscript-9.27-3.mga8.src.rpm | CVE: | CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817 |
| Status comment: | |||
Description
David Walser
2019-08-29 13:25:51 CEST

David Walser
2019-08-29 13:26:00 CEST
Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 1
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some submitters.
Assignee: bugsquad => pkg-bugs

Comment 2
RedHat has issued an advisory for this on September 2:
https://access.redhat.com/errata/RHSA-2019:2586
Severity: major => critical

Comment 3
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator. (CVE-2019-14811)
Safer Mode Bypass by .forceput Exposure in setuserparams. (CVE-2019-14812)
Safer Mode Bypass by .forceput Exposure in setsystemparams. (CVE-2019-14813)
Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures. (CVE-2019-14817)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817
https://www.openwall.com/lists/oss-security/2019/08/28/2
https://access.redhat.com/errata/RHSA-2019:2586
========================

Updated packages in 6/core/updates_testing:
========================
ghostscript-9.26-1.6.mga6
ghostscript-dvipdf-9.26-1.6.mga6
ghostscript-common-9.26-1.6.mga6
ghostscript-X-9.26-1.6.mga6
ghostscript-module-X-9.26-1.6.mga6
lib(64)gs9-9.26-1.6.mga6
lib(64)gs-devel-9.26-1.6.mga6
lib(64)ijs1-0.35-143.6.mga6
lib(64)ijs-devel-0.35-143.6.mga6
ghostscript-doc-9.26-1.6.mga6

from SRPMS:
ghostscript-9.26-1.6.mga6.src.rpm

Updated packages in 7/core/updates_testing:
========================
ghostscript-9.27-1.3.mga7
ghostscript-dvipdf-9.27-1.3.mga7
ghostscript-common-9.27-1.3.mga7
ghostscript-X-9.27-1.3.mga7
ghostscript-module-X-9.27-1.3.mga7
lib(64)gs9-9.27-1.3.mga7
lib(64)gs-devel-9.27-1.3.mga7
lib(64)ijs1-0.35-147.3.mga7
lib(64)ijs-devel-0.35-147.3.mga7
ghostscript-doc-9.27-1.3.mga7

from SRPMS:
ghostscript-9.27-1.3.mga7.src.rpm
Status: NEW => ASSIGNED

Comment 4
mga7, x86_64
Checked the CVEs - no reproducers available.
Clean update of the 10 packages.
Restarted cups server.
$ gs --version
9.27
Ran the following out of curiosity. The "1183615869" still seems to mean something.
$ gs -dSAFER -dNODISPLAY
GPL Ghostscript 9.27 (2019-04-04)
Copyright (C) 2018 Artifex Software, Inc. All rights reserved.
This software is supplied under the GNU AGPLv3 and comes with NO WARRANTY:
see the file COPYING for details.
GS>1183615869 internaldict /superexec known { (VULNERABLE\n) } { (SAFE\n) }
GS<3>ifelse print
SAFE
GS>quit
$ dvipdf refcard.dvi refcard.pdf
dvips: Font cmbx10 at 13824 not found; scaling 600 instead.
dvips: Such scaling will generate extremely poor output.
Page 1 may be too complex to print
Page 2 may be too complex to print
Page 5 may be too complex to print
Page 6 may be too complex to print
Warning: no %%Page comments generated.
The PDF file matches the original DVI.
Set up HPLIP wifi printer HP Photosmart 5520 aka "okda".
Printing via cli worked fine.
$ lpr -Pokda report.25294
Printed an odt file from LO writer.
Viewed a locally generated postscript file with gs - graphics and text rendered fine.
It all works here for 64bit.
CC: (none) => tarazed25
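The QA reports in this bug verify the update by hand: `gs --version`, the `superexec` probe, dvipdf and printing. Note that `gs --version` cannot show whether this fix is present, because the update keeps the upstream version (9.27 on Mageia 7, 9.26 on Mageia 6) and only bumps the rpm release; the release string is what has to be checked. The script below is an added example, not part of this bug report or of Mageia's QA tooling: it compares installed name-version-release strings against the fixed packages listed in comment 3, using a reimplementation of rpm's version ordering (rpmvercmp, with the newer `^` rule simplified away) so that it runs without rpm. The installed-package lines embedded in it are constructed sample `rpm -qa` output, not taken from any tester's machine; on a real host pipe `rpm -qa` into it.

```python
"""Check installed Ghostscript packages against the fixed versions in this update.

Added example; it is not part of the bug report or of Mageia's QA tooling.
It reimplements the ordering rpm applies to version and release strings
(rpmvercmp: numeric segments compare as integers, alphabetic segments
lexically, a number outranks letters, '~' sorts before anything, separators
are ignored). The '^' rule of newer rpm is a simplification here: it is
treated as a separator.
"""
import re
import sys

# Fixed version-release per Mageia release, copied from the package list in comment 3.
FIXED = {
    "mga6": {"ghostscript": "9.26-1.6.mga6", "ijs": "0.35-143.6.mga6"},
    "mga7": {"ghostscript": "9.27-1.3.mga7", "ijs": "0.35-147.3.mga7"},
}

# Package name -> version family. "lib(64)xxx" in comment 3 means both libxxx and lib64xxx.
FAMILY = {name: "ghostscript" for name in (
    "ghostscript", "ghostscript-common", "ghostscript-X", "ghostscript-module-X",
    "ghostscript-dvipdf", "ghostscript-doc",
    "libgs9", "lib64gs9", "libgs-devel", "lib64gs-devel")}
FAMILY.update({name: "ijs" for name in (
    "libijs1", "lib64ijs1", "libijs-devel", "lib64ijs-devel")})

# Constructed sample of `rpm -qa` output (not from a real system): a half-applied
# update, where the shared library was refreshed but the gs binary package was not.
SAMPLE_RPM_QA = """\
ghostscript-9.27-1.2.mga7.x86_64
ghostscript-common-9.27-1.2.mga7.x86_64
lib64gs9-9.27-1.3.mga7.x86_64
lib64ijs1-0.35-147.3.mga7.x86_64
bash-5.0-1.mga7.x86_64
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two rpm version (or release) strings: -1 if a < b, 0 if equal, 1 if a > b."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":          # tilde marks a pre-release: sorts lower
            return -1 if x == "~" else 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):          # "01" and "1" are equal
                return -1 if int(x) < int(y) else 1
            continue
        if xd != yd:                      # a numeric segment beats an alphabetic one
            return 1 if xd else -1
        return -1 if x < y else 1         # both alphabetic: plain string order
    if len(sa) == len(sb):
        return 0
    # The string with segments left over is newer, unless what is left starts with '~'.
    if len(sa) > len(sb):
        return -1 if sa[len(sb)] == "~" else 1
    return 1 if sb[len(sa)] == "~" else -1


def compare_vr(installed: str, fixed: str) -> int:
    """Compare two 'version-release' strings: version first, release as tie-break."""
    iv, ir = installed.split("-", 1)
    fv, fr = fixed.split("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def parse_nvra(nvra: str):
    """Split 'name-version-release.arch' as printed by `rpm -qa` into (name, version, release)."""
    nvr = nvra.rpartition(".")[0]
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def audit(rpm_qa_lines, fixed=FIXED):
    """Map each installed package this update covers to 'fixed', 'vulnerable' or 'unknown-release'."""
    verdicts = {}
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, version, release = parse_nvra(line)
        family = FAMILY.get(name)
        if family is None:
            continue                       # not one of the packages in this advisory
        dist = release.rsplit(".", 1)[-1]  # '1.3.mga7' -> 'mga7'
        if dist not in fixed:
            verdicts[name] = "unknown-release"
            continue
        ok = compare_vr(f"{version}-{release}", fixed[dist][family]) >= 0
        verdicts[name] = "fixed" if ok else "vulnerable"
    return verdicts


if __name__ == "__main__":
    # `rpm -qa | python3 check_gs.py` audits the real system; run bare to see the sample.
    lines = SAMPLE_RPM_QA.splitlines() if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for name, verdict in sorted(audit(lines).items()):
        print(f"{verdict:16} {name}")
```

The sample deliberately mixes releases: lib64gs9 at 1.3 is fixed while the ghostscript binary package is still at 1.2, the kind of partial state a per-package check catches and a single `gs --version` does not.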
Len Lawrence
2019-09-10 01:49:03 CEST
Whiteboard: MGA6TOO => MGA6TOO MGA7-64-OK

Comment 5
mga6, x86_64
All packages updated cleanly.
$ gs --version
9.26
The wireless printer was already set up under HPLIP.
Ran the same tests as outlined in comment 4, with identical results.
OK for 64bit and can be validated, suggested advisory in comment 3, to be pushed to SVN.
Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOO MGA7-64-OK MGA6-64-OK
Thomas Backlund
2019-09-12 18:38:20 CEST
CC: (none) => tmb

Comment 6
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0271.html
Resolution: (none) => FIXED