From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/16] ghostscript: fix CVE-2023-38559
Date: Wed, 16 Aug 2023 16:49:36 -1000 [thread overview]
Message-ID: <e77c0b35969ae690b390ffae682fd6552ff8aff8.1692239433.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1692239433.git.steve@sakoman.com>
From: Archana Polampalli <archana.polampalli@windriver.com>
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559
Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2023-38559.patch | 32 +++++++++++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
new file mode 100644
index 0000000000..2b2b85fa27
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
@@ -0,0 +1,32 @@
+From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f]
+
+CVE: CVE-2023-38559
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index f679127..66c771b 100644
+--- a/base/gdevdevn.c
++++ b/base/gdevdevn.c
+@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
+ byte data = *from;
+
+ from += step;
+- if (data != *from || from == end) {
++ if (from >= end || data != *from) {
+ if (data >= 0xc0)
+ gp_fputc(0xc1, file);
+ } else {
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 48508fd6a2..ad0b008cab 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -37,6 +37,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://cve-2023-28879.patch \
file://CVE-2023-36664-0001.patch \
file://CVE-2023-36664-0002.patch \
+ file://CVE-2023-38559.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.34.1
next prev parent reply other threads:[~2023-08-17 2:50 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-17 2:49 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 01/16] python3-certifi: fix CVE-2023-37920 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 02/16] qemu: fix CVE-2020-14394 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 03/16] qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Steve Sakoman
2023-08-17 2:49 ` Steve Sakoman [this message]
2023-08-17 2:49 ` [OE-core][kirkstone 05/16] procps: patch CVE-2023-4016 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 06/16] qemu: fix CVE-2023-3180 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 07/16] curl: Backport fix CVE-2023-32001 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 08/16] dmidecode: fixup for CVE-2023-30630 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 09/16] linux-yocto/5.10: update to v5.10.186 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 10/16] linux-yocto/5.10: update to v5.10.187 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 11/16] linux-yocto/5.10: update to v5.10.188 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 12/16] linux-firmware: Fix mediatek mt7601u firmware path Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 13/16] npm.bbclass: avoid DeprecationWarning with new python Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 14/16] scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2 Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 15/16] rpm2cpio.sh: update to the last 4.x version Steve Sakoman
2023-08-17 2:49 ` [OE-core][kirkstone 16/16] libxcrypt: update PV to match SRCREV Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e77c0b35969ae690b390ffae682fd6552ff8aff8.1692239433.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox