rpms/ghostscript
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added security patch for CVE-2017-7207

Browse Source 
Resolves: #1434497
This commit is contained in:
David Kaspar [Dee'Kej] 2017-04-06 16:25:29 +02:00
parent 9a57fb6419
commit 3706c3f331
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
ghostscript-9.20-cve-2017-7207.patch Normal file
View File

@ -0,0 +1,33 @@
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Mon, 20 Mar 2017 09:34:11 +0000
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
This is only possible by abusing/mis-using Ghostscript-specific
language extensions, so cannot happen in a general PostScript program.
Nevertheless, Ghostscript should not crash. So this commit checks the
memory device to see if raster memory has been allocated, before trying
to read from it.
---
base/gdevmem.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/base/gdevmem.c b/base/gdevmem.c
index afd05bd..d52d684 100644
--- a/base/gdevmem.c
+++ b/base/gdevmem.c
@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
return_error(gs_error_rangecheck);
}
+ if (mdev->line_ptrs == 0x00)
+ return_error(gs_error_rangecheck);
if ((w <= 0) | (h <= 0)) {
if ((w | h) < 0)
return_error(gs_error_rangecheck);
--
2.9.3

9
ghostscript.spec
View File

@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
Name: ghostscript Name: ghostscript
Version: %{gs_ver} Version: %{gs_ver}
Release: 7%{?dist} Release: 8%{?dist}
# Included CMap data is Redistributable, no modification permitted, # Included CMap data is Redistributable, no modification permitted,
# see http://bugzilla.redhat.com/487510 # see http://bugzilla.redhat.com/487510
@ -30,6 +30,7 @@ Patch7: ghostscript-9.20-cve-2016-7978.patch
Patch8: ghostscript-9.20-cve-2016-8602.patch Patch8: ghostscript-9.20-cve-2016-8602.patch
Patch9: ghostscript-9.20-cve-2016-7977.patch Patch9: ghostscript-9.20-cve-2016-7977.patch
Patch12: ghostscript-9.20-cve-2016-9601.patch Patch12: ghostscript-9.20-cve-2016-9601.patch
Patch13: ghostscript-9.20-cve-2017-7207.patch
Requires: %{name}-core%{?_isa} = %{version}-%{release} Requires: %{name}-core%{?_isa} = %{version}-%{release}
Requires: %{name}-x11%{?_isa} = %{version}-%{release} Requires: %{name}-x11%{?_isa} = %{version}-%{release}
@ -155,6 +156,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
# Squash signed/unsigned warnings in MSVC jbig2 build (bug #1410021): # Squash signed/unsigned warnings in MSVC jbig2 build (bug #1410021):
%patch12 -p1 %patch12 -p1
# Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497):
%patch13 -p1
# Convert manual pages to UTF-8 # Convert manual pages to UTF-8
from8859_1() { from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_" iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@ -351,6 +355,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libgs.so %{_libdir}/libgs.so
%changelog %changelog
* Thu Apr 06 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-8
Added security fix for CVE-2017-7207 (bug #1434497)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.20-7 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.20-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild