Ubuntu released an advisory today (December 12): https://ubuntu.com/security/notices/USN-6551-1
Source RPM: (none) => ghostscript-10.00.0-6.3.mga9.src.rpm
Assignee: bugsquad => nicolas.salguero
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. (CVE-2023-46751)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46751
https://ubuntu.com/security/notices/USN-6551-1
========================

Updated packages in core/updates_testing:
========================
ghostscript-10.00.0-6.4.mga9
ghostscript-X-10.00.0-6.4.mga9
ghostscript-common-10.00.0-6.4.mga9
ghostscript-doc-10.00.0-6.4.mga9
ghostscript-dvipdf-10.00.0-6.4.mga9
ghostscript-module-X-10.00.0-6.4.mga9
lib64gs10-10.00.0-6.4.mga9
lib64gs-devel-10.00.0-6.4.mga9
lib64ijs1-0.35-173.3.mga9
lib64ijs-devel-0.35-173.3.mga9

from SRPM:
ghostscript-10.00.0-6.4.mga9.src.rpm
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
CVE: (none) => CVE-2023-46751
CC: (none) => marja11
Advisory from comment 1 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisory
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. (CVE-2023-46751)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46751
https://ubuntu.com/security/notices/USN-6551-1
========================

Updated packages in core/updates_testing:
========================
ghostscript-10.00.0-6.4.mga9
ghostscript-X-10.00.0-6.4.mga9
ghostscript-common-10.00.0-6.4.mga9
ghostscript-doc-10.00.0-6.4.mga9
ghostscript-dvipdf-10.00.0-6.4.mga9
ghostscript-module-X-10.00.0-6.4.mga9
lib(64)gs10-10.00.0-6.4.mga9
lib(64)gs-devel-10.00.0-6.4.mga9
lib(64)ijs1-0.35-173.4.mga9
lib(64)ijs-devel-0.35-173.4.mga9

from SRPM:
ghostscript-10.00.0-6.4.mga9.src.rpm
Status comment: (none) => Packages in comment#3
Tested on real hardware, Mageia 9 x86_64.

In the current version, open a PDF with
gs filepdf.pdf
The PDF opens in a window; resize the window and the image in the current page is repeated 6 times.

Updated to the testing versions without issues.

Open the same PDF with
gs filepdf.pdf
The PDF opens in a window; resize the window and the image in the current page is repeated 6 times.

No PoC found; I don't know what more to test.
Confirm that the behavior as described in Comment 4 still exists in the test versions.
CC: (none) => herman.viaene
As comment#4 is not a regression, I set the OK. Maybe we must open a new bug once these packages become official updates.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => mageia
I also see the problem described in comment 4, but the duplication of content seems not limited - on my 4K screen I could get 5 copies in width, two in height. Maybe not a bug, but as designed. Should be checked on other systems or with upstream before making a bug.
CC: (none) => fri
Wouldn't it be easier to backport just ghostscript 10.02.1 to mga9, which already includes the fixes? I've been using it locally for a while, without problems.
CC: (none) => ghibomgx
To me, backport seems logical.
I'd be OK with that. But you still need a new bug for the backport request. Validating this one, to get this security fix out.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
(In reply to Thomas Andrews from comment #10)
> I'd be OK with that. But you still need a new bug for the backport request.
>
> Validating this one, to get this security fix out.

Sorry, I mistyped, it's not a backport request, but a suggestion to use directly the ghostscript 10.02.1 as version for core/updates, that already includes the fixes (and also other improvements), thus avoiding backporting the single security patches. From what I could test 10.02.1 worked flawlessly (and seems even better than the original 10.00.0), and shouldn't have broken the API.
(In reply to Giuseppe Ghibò from comment #11)
> (In reply to Thomas Andrews from comment #10)
> > I'd be OK with that. But you still need a new bug for the backport request.
> >
> > Validating this one, to get this security fix out.
>
> Sorry, I mistyped, it's not a backport request, but a suggestion to use

With "backport request" I thought of a request for "core/backports", which is not what I intended.
OK, I see. So, suppose I leave the validation to get the security patch out - as long as it's here, tested, and ready - and you file a new bug to update to 10.02.1 for the bugfixes? Does that make sense to you?
(In reply to Thomas Andrews from comment #13)
> OK, I see.
>
> So, suppose I leave the validation to get the security patch out - as long
> as it's here, tested, and ready - and you file a new bug to update to
> 10.02.1 for the bugfixes?
>
> Does that make sense to you?

Yes, if the bug is resolved we can validate this one and keep 10.02.1 for the next rounds. With 10.02.1, indeed, I never saw the multiple pages as reported in comment 4.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0351.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED