Back to bug 1380415
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-29 14:26:02 UTC | Depends On | 1380416 | |
| Adam Mariš | 2016-09-29 14:31:46 UTC | Blocks | 1380329 | |
| Adam Mariš | 2016-10-06 08:25:14 UTC | Summary | ghostscript: .libfile does not honor -dSAFER | CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER |
| | | Alias | CVE-2016-7977 | |
| Cedric Buissart | 2016-10-06 10:06:35 UTC | Whiteboard | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=new,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=affected | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-06 10:19:50 UTC | CC | cbuissar | |
| David Kaspar // Dee'Kej | 2016-10-07 12:37:00 UTC | Blocks | 1380327 | |
| Cedric Buissart | 2016-10-18 10:09:05 UTC | Whiteboard | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=affected | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-18 13:29:45 UTC | Doc Text | It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and retrieve, in the context of the gs process, file content on the target machine. | |
| Cedric Buissart | 2016-10-26 15:54:36 UTC | Whiteboard | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=affected | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected |
| Norman Sardella | 2016-10-28 00:32:31 UTC | CC | sardella | |
| Cedric Buissart | 2016-10-31 16:06:48 UTC | Depends On | 1390299 | |
| Cedric Buissart | 2016-10-31 16:06:54 UTC | Depends On | 1390300 | |
| Cedric Buissart | 2016-10-31 16:08:40 UTC | Depends On | 1390301 | |
| Cedric Buissart | 2016-10-31 16:08:47 UTC | Depends On | 1390302 | |
| David Kaspar // Dee'Kej | 2016-11-01 14:35:12 UTC | Blocks | 1380327 | |
| David Kaspar // Dee'Kej | 2016-11-04 15:46:03 UTC | Status | NEW | ASSIGNED |
| Tomas Hoger | 2016-11-04 15:54:43 UTC | Status | ASSIGNED | NEW |
| Cedric Buissart | 2016-11-28 17:00:14 UTC | Doc Text | It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and retrieve, in the context of the gs process, file content on the target machine. | It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine. |
| Cedric Buissart | 2016-11-28 17:04:12 UTC | Doc Text | It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine. | It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine. |
| Cedric Buissart | 2017-01-04 11:10:21 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-04 06:10:21 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:05 UTC | Whiteboard | impact=moderate,public=20160928,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=6.2/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected | |