RedHat has issued an advisory today (August 12): https://access.redhat.com/errata/RHSA-2019:2462 The issue is fixed upstream in 9.28. Mageia 6 and Mageia 7 are also affected.
Whiteboard: (none) => MGA7TOO, MGA6TOOStatus comment: (none) => Fixed upstream in 9.28
More details on the issue: https://www.openwall.com/lists/oss-security/2019/08/12/4
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing two submitters.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11, nicolas.salguero, smelror
Blocks: (none) => 24866
Done for mga6, mga7 and Cauldron!
CC: (none) => geiger.david68210
Advisory: ======================== Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas (CVE-2019-10216). Also, the Mageia 7 update fixes a bounding box issue that affects klatexformula (mga#24866). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10216 https://www.openwall.com/lists/oss-security/2019/08/12/4 https://access.redhat.com/errata/RHSA-2019:2462 https://bugs.mageia.org/show_bug.cgi?id=24866 https://bugs.mageia.org/show_bug.cgi?id=25294 ======================== Updated packages in core/updates_testing: ======================== ghostscript-9.26-1.5.mga6 ghostscript-dvipdf-9.26-1.5.mga6 ghostscript-common-9.26-1.5.mga6 ghostscript-X-9.26-1.5.mga6 ghostscript-module-X-9.26-1.5.mga6 libgs9-9.26-1.5.mga6 libgs-devel-9.26-1.5.mga6 libijs1-0.35-143.5.mga6 libijs-devel-0.35-143.5.mga6 ghostscript-doc-9.26-1.5.mga6 ghostscript-9.27-1.2.mga7 ghostscript-dvipdf-9.27-1.2.mga7 ghostscript-common-9.27-1.2.mga7 ghostscript-X-9.27-1.2.mga7 ghostscript-module-X-9.27-1.2.mga7 lib64gs9-9.27-1.2.mga7 lib64gs-devel-9.27-1.2.mga7 lib64ijs1-0.35-147.2.mga7 lib64ijs-devel-0.35-147.2.mga7 ghostscript-doc-9.27-1.2.mga7 from SRPMS: ghostscript-9.26-1.5.mga6.src.rpm ghostscript-9.27-1.2.mga7.src.rpm
Version: Cauldron => 7Assignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO, MGA6TOO => MGA6TOO
Updated from release 1.4 to 1.5 on Mageia6. Restarted CUPS server. Used HP Photosmart5520 wireless printer. No reproducers available. Some online discussions are still not public. Works with CUPS/HPLIP at the cli for gs and lpr, and from the gui for LibreOffice writer and Firefox (essentially LO). $ dvipdf refcard.dvi refcard.pdf dvips: Font cmbx10 at 13824 not found; scaling 600 instead. dvips: Such scaling will generate extremely poor output. Page 1 may be too complex to print Page 2 may be too complex to print Page 5 may be too complex to print Page 6 may be too complex to print Warning: no %%Page comments generated. The generated PDF displays fine with xpdf or okular. Tried this from an earlier bug report - don't know if the numbers are significant for this version. $ gs -dSAFER -dNODISPLAY GPL Ghostscript 9.26 (2018-11-20) Copyright (C) 2018 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. GS>1183615869 internaldict /superexec known { (VULNERABLE\n) } { (SAFE\n) } GS<3>ifelse print SAFE GS>quit The "SAFE" came up without prompting. This looks good for 64-bits.
CC: (none) => tarazed25Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
mga7, x86_64 HP Photosmart 5520 wifi printer CUPS/HPLIP Updated all the packages. Printed a postscript file using lpr and viewed it with gs. Printed an image with LibreOffice draw and an odt file with LO writer. Converted a dvi file to a pdf using dvipdf. Result was OK. The SAFE test from comment 5 worked as before. This is fine for 64bit.
Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0236.html
Status: NEW => RESOLVEDResolution: (none) => FIXED