mirror of
https://git.yoctoproject.org/poky
synced 2026-04-30 21:32:13 +02:00
e84345d6e6
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. (From OE-Core rev: 6c32ea184941d292cd8f0eb898e6cc90120ada40) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
From f0a61679d28bc1561640403d92492e199bc1c0f3 Mon Sep 17 00:00:00 2001
|
|
From: Chris Liddell <chris.liddell@artifex.com>
|
|
Date: Wed, 10 Oct 2018 23:25:51 +0100
|
|
Subject: [PATCH 5/5] Bug 699938: .loadfontloop must be an operator
|
|
|
|
In the fix for Bug 699816, I omitted to make .loadfontloop into an operator, to
|
|
better hide .forceundef and .putgstringcopy.
|
|
|
|
CVE: CVE-2018-17961
|
|
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
|
---
|
|
Resource/Init/gs_fonts.ps | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
|
|
index 89c3ab7..72feff2 100644
|
|
--- a/Resource/Init/gs_fonts.ps
|
|
+++ b/Resource/Init/gs_fonts.ps
|
|
@@ -1148,7 +1148,7 @@ $error /SubstituteFont { } put
|
|
|
|
} loop % end of loop
|
|
|
|
- } bind executeonly def % must be bound and hidden for .putgstringcopy
|
|
+ } bind executeonly odef % must be bound and hidden for .putgstringcopy
|
|
|
|
currentdict /.putgstringcopy .undef
|
|
|
|
--
|
|
2.7.4
|
|
|