Opened 17 years ago
Closed 17 years ago
#2488 closed defect (fixed)
ESP Ghostscript security issue
| Reported by: | Randy McMurchy | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 6.3 |
| Component: | BOOK | Version: | SVN |
| Severity: | major | Keywords: | |
| Cc: |
Description
Alexander wrote in BLFS-Dev:
Randy McMurchy wrote:
The short answer is that ESP GS will probably stay in the book as is until after BLFS-6.3 has been released.
Even though my FreeBSD installation received a security advisory (stack-based buffer overflow) against a newer (8.61) GPL version of Ghostscript? See http://scary.beasts.org/security/CESA-2008-001.html, it applies to Linux, too.
There's a patch that is reported to fix it. This patch should be tested and implemented into the book if it works as expected.
Here is the patch (from http://bugs.gentoo.org/attachment.cgi?id=143467):
--- src/zicc.c +++ src/zicc.c 2008-02-05 16:11:59.000000000 +0000 @@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
dict_find_string(op, "N", &pnval); ncomps = pnval->value.intval;
+ if (2*ncomps > sizeof(range_buff)/sizeof(float)) + return_error(e_rangecheck); +
/* verify the DataSource entry */ if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
return_error(e_undefined);
Added the patch to the ESP Ghostscript instructions. Thanks Alexander!