Bug 1654464 (CVE-2018-19476)

Summary: CVE-2018-19476 ghostscript: access bypass in psi/zicc.c (700169)
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: cbuissar, deekej, mosvald, twaugh, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ghostscript 9.26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-01 14:02:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1654465, 1660828, 1660829, 1660830    
Bug Blocks: 1654472    

Description Laura Pardo 2018-11-28 20:44:52 UTC 
A vulnerability was found in Artifex Ghostscript before 9.26. A type confusion in setcolorspace in psi/zicc.c allows remote attackers to bypass intended access restrictions. 


References:
https://bugs.ghostscript.com/show_bug.cgi?id=700169 
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Upstream Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a 
http://git.ghostscript.com/?p=ghostpdl.git;h=548bb434e81dadcc9f71adf891a3ef5bea8e2b4e
Comment 1 Laura Pardo 2018-11-28 20:46:09 UTC 
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 1654465]
Comment 2 Cedric Buissart 2018-12-05 12:38:03 UTC 
Mitigation:

Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509
Comment 4 Cedric Buissart 2018-12-19 10:30:47 UTC 
Note: 
Adding additional patch, from https://bugs.ghostscript.com/show_bug.cgi?id=700169#c1, to protect other type confusions :

Upstream Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=548bb434e81dadcc9f71adf891a3ef5bea8e2b4e
Comment 5 Cedric Buissart 2018-12-19 10:37:38 UTC 
Statement:

Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Comment 7 errata-xmlrpc 2019-01-31 18:19:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0229 https://access.redhat.com/errata/RHSA-2019:0229