author    Catalin Enache <catalin.enache@windriver.com>  2017-04-05 15:06:51 +0300
committer Richard Purdie <richard.purdie@linuxfoundation.org>  2017-05-18 13:07:34 +0100
commit    0c5ab30a30bfa6c1f13d758339207083b6a281e7 (patch)
tree      2ad207224147ee8ec8be703486869201b952fec9 /meta/recipes-extended
parent    3b12b433c0abd4d28eab7412f3efa6fc747759ea (diff)
ghostscript: CVE-2017-7207
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch: http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)
(From OE-Core rev: 3497bb564fa3bb1d6b938630cd660ee77bec5ab7)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--  meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch | 39
-rw-r--r--  meta/recipes-extended/ghostscript/ghostscript_9.19.bb             |  1
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
new file mode 100644
index 0000000000..a05dc02c6c
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
@@ -0,0 +1,39 @@
1From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001
2From: Ken Sharp <ken.sharp@artifex.com>
3Date: Mon, 20 Mar 2017 09:34:11 +0000
4Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
5
6Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
7
8This is only possible by abusing/mis-using Ghostscript-specific
9language extensions, so cannot happen in a general PostScript program.
10
11Nevertheless, Ghostscript should not crash. So this commit checks the
12memory device to see if raster memory has been allocated, before trying
13to read from it.
14
15Upstream-Status: Backport
16CVE: CVE-2017-7207
17
18Author: Ken Sharp <ken.sharp@artifex.com>
19Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
20---
21 base/gdevmem.c | 2 ++
22 1 file changed, 2 insertions(+)
23
24diff --git a/base/gdevmem.c b/base/gdevmem.c
25index 41108ba..183f96d 100644
26--- a/base/gdevmem.c
27+++ b/base/gdevmem.c
28@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
29 GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
30 return_error(gs_error_rangecheck);
31 }
32+ if (mdev->line_ptrs == 0x00)
33+ return_error(gs_error_rangecheck);
34 if ((w <= 0) | (h <= 0)) {
35 if ((w | h) < 0)
36 return_error(gs_error_rangecheck);
37--
382.10.2
39
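Review bot: the commit hash in the patch's From line (0e88bee1304993668fede72498d656a2dd33a35e) does not match the upstream commit the OE-Core commit message points at (309eca4e0a31ea70dcc844812691439312dad091); one of the two should be corrected, or the patch header should say which upstream branch the backport was taken from, so the Upstream-Status: Backport tag is traceable. Two smaller points on the hunk itself: the guard `if (mdev->line_ptrs == 0x00)` spells a NULL-pointer check as `0x00` (fine to keep as upstream wrote it for a clean backport, but `NULL` is the idiomatic form if the line is ever carried locally), and the new check returns gs_error_rangecheck for a device with no raster memory, which the patch description treats as an error in the caller's use of language extensions rather than an out-of-range rectangle, so a short comment above the check stating why that error code was chosen would help the next reader.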
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.19.bb b/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
index fe2016b15a..5b348a583e 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.19.bb
@@ -30,6 +30,7 @@ SRC_URI = "${SRC_URI_BASE} \
30 file://ghostscript-9.02-genarch.patch \ 30 file://ghostscript-9.02-genarch.patch \
31 file://objarch.h \ 31 file://objarch.h \
32 file://cups-no-gcrypt.patch \ 32 file://cups-no-gcrypt.patch \
33 file://CVE-2017-7207.patch \
33 " 34 "
34 35
35SRC_URI_class-native = "${SRC_URI_BASE} \ 36SRC_URI_class-native = "${SRC_URI_BASE} \
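Review bot: file://CVE-2017-7207.patch is added only to the main SRC_URI list; the SRC_URI_class-native assignment that starts at the end of this hunk is a separate list beginning from ${SRC_URI_BASE}, so confirm it also picks up the CVE patch (or note in the commit message that the native build is intentionally left unpatched because it does not render untrusted input).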