oss-sec mailing list archives
Re: CVE request: ghostscript and gv
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 25 Aug 2010 15:23:34 +0200
Tomas Hoger wrote:
On Sun, 30 May 2010 22:08:12 +0200 Bernhard R. Link wrote:Gs's -P- not working (at least for gs_init.ps), is definitly a bug that needs to be fixed.I believe we should try to clarify what CVE-2010-2055 got actually assigned to, as it seems to be used for more than one thing: - ghostscript uses CWD to search for initialization files - gv did not pass -P- to gs, leading to problems related to the default mentioned above
That's the initial situation.It can be fixed in two ways: a) set SEARCH_HERE_FIRST=0 as default for gs b) keep SEARCH_HERE_FIRST=1 and require applications to pass -P- However, ...
- some ghostscript versions search CWD even when started with -P-
... as it turned out neither a) nor b) actually solve the problem: http://bugs.ghostscript.com/show_bug.cgi?id=691350#c11 So fixing gs must be part of the solution always. That's http://svn.ghostscript.com/viewvc?view=rev&revision=11352 Therefore up to three CVE numbers could be assigned a) insecure default of gs b) applications don't pass -P- c) non working -P-/SEARCH_HERE_FIRST Fixing a) means b) isn't needed but then it's just a compile time default that may or may not be changed by distros. Both a) and b) imply a fix for c) though. No idea if a separate CVE is actually useful in that case. We've decided for a), fix gs once and for all. Hopefully. :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- Re: CVE request: ghostscript and gv Tomas Hoger (Jul 19)
- <Possible follow-ups>
- Re: CVE request: ghostscript and gv Tomas Hoger (Aug 25)
- Re: CVE request: ghostscript and gv Ludwig Nussel (Aug 25)
- Re: CVE request: ghostscript and gv Tomas Hoger (Aug 26)
- Re: CVE request: ghostscript and gv Ludwig Nussel (Aug 25)