ghostscript crashes after loading 20 page repeatedly

Bug #183628 reported by ecyrbe
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ghostscript (Debian) | Fix Released | Unknown | | |
| ghostscript (Ubuntu) | Fix Released | Undecided | Martin Pitt | |
| Dapper | Won't Fix | Low | Unassigned | |
| Edgy | Won't Fix | Low | Unassigned | |
| Feisty | Won't Fix | Low | Unassigned | |
| Gutsy | Won't Fix | Low | Ubuntu Security Team | |

Bug Description

Binary package hint: ghostscript

While testing ghostscript I found a bug while repeatedly loading 20 pages using psapi_init_with_args multiple times.
This bug seems to be corrected upstream:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453048
Thanks for applying the patch.

Martin Pitt (pitti) wrote :

This was fixed during the Hardy merge process.

Changed in ghostscript:
assignee: nobody → pitti
status: New → In Progress
status: In Progress → Fix Released
Changed in ghostscript:
status: Unknown → Fix Released
ecyrbe (ecyrbe) wrote :

It's a security fix, because it generates an overflow...
This patch should be applied to Gutsy too...

Martin Pitt (pitti) wrote :

Security team, can you please do that update for stables?

Changed in ghostscript:
assignee: nobody → ubuntu-security
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

I have confirmed this with a private reproducer. However, I am marking this as Won't Fix because:
1. Requires malicious code to call gs_main_init_with_args() multiple times. The gs binary itself does not do this, so it is safe.
2. Checked rdepends on libgs8, libgs-esp (for multiple calls to gsapi_init_with_args(), which calls gs_main_init_with_args()) -- only okular from kde4graphics calls it, and does so once per instance.
3. If the user has the ability to compile and run malicious code, there are far worse things that could be done.

Changed in ghostscript:
importance: Undecided → Low
status: New → Won't Fix
importance: Undecided → Low
status: New → Won't Fix
importance: Undecided → Low
status: New → Won't Fix
importance: Undecided → Low
status: Confirmed → Won't Fix
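
The reverse-dependency check in point 2 of the triage comment above can be approximated with a source scan that flags callers invoking the init entry points more than once or inside a loop. This is an added example, not part of the original report or of Ghostscript; the verdict names and the sample snippet are constructed, and the loop detection is a heuristic meant to direct manual review.

```python
import re

# Entry points named in the triage comment; verdict names are this example's own.
TOKEN = re.compile(
    r"\b(?P<loop>for|while|do)\b"
    r"|\b(?P<call>gsapi_init_with_args|gs_main_init_with_args)\b(?=\s*\()"
    r"|(?P<punct>[{}();])")
# Comments and string/char literals are blanked (newlines kept, so line numbers hold).
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)

def audit_source(src):
    """Return (verdict, findings); each finding is (line, function, in_loop)."""
    src = NOISE.sub(lambda m: "\n" * m.group().count("\n"), src)
    findings, loop_stack = [], []   # loop_stack: brace depths of open loop bodies
    depth = parens = 0
    pending_loop = False            # loop keyword seen, body not yet opened
    for m in TOKEN.finditer(src):
        if m.group("loop"):
            pending_loop = True
        elif m.group("call"):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group("call"), bool(loop_stack) or pending_loop))
        elif m.group("punct") == "(":
            parens += 1
        elif m.group("punct") == ")":
            parens -= 1
        elif m.group("punct") == "{":
            depth += 1
            if pending_loop:
                loop_stack.append(depth)
                pending_loop = False
        elif m.group("punct") == "}":
            if loop_stack and loop_stack[-1] == depth:
                loop_stack.pop()
            depth -= 1
        elif parens == 0:           # ';' outside parentheses ends a brace-less loop
            pending_loop = False
    if not findings:
        return "no-calls", findings
    risky = len(findings) > 1 or any(f[2] for f in findings)
    return ("needs-review" if risky else "single-call-site"), findings

# Constructed caller snippet (not from any real package): init inside a loop.
SAMPLE_LOOP = """void render_all(void *inst, int argc, char **argv) {
    for (int i = 0; i < jobs; i++) {
        gsapi_init_with_args(inst, argc, argv);  /* re-initialises each pass */
    }
}"""
print(audit_source(SAMPLE_LOOP))
```

A "single-call-site" verdict still needs a manual check that the call is reached once per instance, since a function containing one call site can itself be called repeatedly.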
This report contains Public Security information  
Everyone can see this security related information.
