Bug 431536 (CVE-2008-0411)

Summary: CVE-2008-0411 ghostscript: stack-based buffer overflow in .seticcspace operator
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kreilly, security-response-team, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 8.61-8.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-03 18:24:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 433366, 433367, 433369, 433370, 433371, 435145, 435146, 435147    
Bug Blocks:    
Attachments:
Description Flags
Patch proposed by Werner Fink none

Description Tomas Hoger 2008-02-05 11:28:39 UTC 
Chris Evans of Google security team has reported a buffer overflow in
zseticcspace() function in zicc.c.  The issue is over-trust of the length of a
postscript array which an attacker can set to an arbitrary length.

This issue can lead to arbitrary code execution.
Comment 4 Tomas Hoger 2008-02-05 17:11:58 UTC 
Created attachment 294020 [details]
Patch proposed by Werner Fink
Comment 10 Tomas Hoger 2008-02-27 16:42:47 UTC 
Chris Evans' advisory is public now, lifting embargo:

http://scary.beasts.org/security/CESA-2008-001.html
Comment 12 Fedora Update System 2008-02-27 17:44:11 UTC 
ghostscript-8.15.4-4.fc7 has been submitted as an update for Fedora 7
Comment 13 Fedora Update System 2008-02-28 21:40:02 UTC 
ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ghostscript'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-1998
Comment 14 Fedora Update System 2008-03-03 18:24:12 UTC 
ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2008-03-06 16:39:07 UTC 
ghostscript-8.15.4-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.