Bug 248580

Summary:

print/ghostscript9-agpl-base: Fix SAFER Sandbox Breakout vulnerability (CVE-2020-15900)

Product:

Ports & Packages

Reporter:

Vladimir Druzenko <vvd>

Component:

Individual Port(s)

Assignee:

Mateusz Piotrowski <0mp>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

0mp, blackend, doceng, hrs, joneum, koobs, ports-secteam

Priority:

Normal

Keywords:

needs-qa, security

Version:

Latest

Flags:

blackend: maintainer-feedback+
blackend: maintainer-feedback-
koobs: merge-quarterly?

Hardware:

Any

OS:

Any

URL:

https://insomniasec.com/blog/ghostscript-cve-2020-15900

Attachments:

Description	Flags
Fixed CVE-2020-15900	vvd: maintainer-approval? (doceng)

Description Vladimir Druzenko freebsd_committer

2020-08-10 17:03:55 UTC

Created attachment 217132 [details]
Fixed CVE-2020-15900

Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)

This patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b

Comment 1 Vladimir Druzenko freebsd_committer

2020-08-14 11:03:25 UTC

Something wrong with patch?

Tested build on 12.1 and 11.4 amd64.

Comment 2 Marc Fonvieille freebsd_committer

2020-08-14 11:45:27 UTC

(In reply to VVD from comment #1)
Approved.
Thanks.

Comment 3 commit-hook freebsd_committer

2020-08-15 02:35:01 UTC

A commit references this bug:

Author: hrs
Date: Sat Aug 15 02:34:43 UTC 2020
New revision: 544907
URL: https://svnweb.freebsd.org/changeset/ports/544907

Log:
  Fix a memory corruption issue which can allow overriding of file
  access controls.

  Security:	CVE-2020-15900
  Security:	https://insomniasec.com/blog/ghostscript-cve-2020-15900
  Obtained from:	https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499
  272b95a6b890a1397e11d20937de000d31b
  PR:		248580

Changes:
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/files/patch-Resource_Init_FAPIcidfmap
  head/print/ghostscript9-agpl-base/files/patch-configure
  head/print/ghostscript9-agpl-base/files/patch-lcms2mt
  head/print/ghostscript9-agpl-base/files/patch-psi-zstring.c

Comment 4 Hiroki Sato freebsd_committer

2020-08-15 02:38:14 UTC

Committed to head and will be merged to the quarterly branch.  Thanks for the report.

Comment 5 Jochen Neumeister freebsd_committer

2020-08-15 09:50:17 UTC

(In reply to Hiroki Sato from comment #4)

Thanks for the commit.

Unfortunately the field "MFH" was not used, so ports-secteam was not informed. 

Please create a vuxml entry for the CVE, after that it is released for 2020Q3.

Best regards
joneum (ports-secteam)

Comment 6 Kubilay Kocak freebsd_committer

2020-08-15 10:34:52 UTC

^Triage: Leave merge-quarterly flag open ? until merged

Comment 7 commit-hook freebsd_committer

2021-01-17 22:24:10 UTC

A commit references this bug:

Author: 0mp
Date: Sun Jan 17 22:23:35 UTC 2021
New revision: 561880
URL: https://svnweb.freebsd.org/changeset/ports/561880

Log:
  Document ghostscript9-agpl-base vulnerability committed in r544907

  PR:		248580
  Requested by:	joneum (ports-secteam)
  Reported by:	VVD <vvd@unislabs.com>
  MFH:		2021Q1
  Security:	CVE-2020-15900

Changes:
  head/security/vuxml/vuln.xml