diff --git a/CVE-2015-3228.patch b/CVE-2015-3228.patch
new file mode 100644
index 0000000..b139345
--- /dev/null
+++ b/CVE-2015-3228.patch
@@ -0,0 +1,11 @@
+--- base/gsmalloc.c
++++ base/gsmalloc.c
+@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
+ } else {
+ uint added = size + sizeof(gs_malloc_block_t);
+
+- if (mmem->limit - added < mmem->used)
++ if (added <= size || mmem->limit - added < mmem->used)
+ set_msg("exceeded limit");
+ else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
+ set_msg("failed");
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index 82c5444..9d70610 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de
+
+- CVE-2015-3228.patch fixes out of bound read/write cause
+ by integer overflow in gsmalloc.c (boo#939342).
+
 -------------------------------------------------------------------
 Tue Mar 31 10:18:06 CEST 2015 - jsmeix@suse.de
 
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index f87651a..f928b01 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -76,6 +76,9 @@ Patch11: ppc64le-support.patch
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101: CVE-2015-3228.patch
 #
 Conflicts: ghostscript
 Conflicts: ghostscript-x11
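Review bot: In the gs_heap_alloc_bytes hunk carried by CVE-2015-3228.patch, the limit test after the new `added <= size` guard still subtracts before comparing. If `mmem->limit` and `mmem->used` are unsigned (their declarations are outside the hunk), `mmem->limit - added` wraps whenever `added` exceeds the limit, and the oversized request passes the check. A form that only subtracts after the operands are known to be ordered avoids this: `if (added <= size || mmem->used > mmem->limit || added > mmem->limit - mmem->used)`. A short comment such as `/* added <= size: the uint addition wrapped */` would record why the first operand is there. The function body starts and ends outside the hunk.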
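Review bot: In ghostscript-mini.spec (`@@ -76,6 +76,9 @@`), `Patch101` is filed directly under the comment `Patch100...Patch999 is for patches from SUSE which are not intended for upstream`, which makes a CVE fix in gsmalloc.c read as a permanent SUSE-only change. If the fix comes from Ghostscript upstream or is expected to land there (the page does not say), the comment should state that and when the patch can be dropped, for example `# (security fix, drop once the packaged upstream release contains it)`. The same lines appear in the ghostscript.spec hunk `@@ -96,6 +96,9 @@`.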
@@ -149,7 +152,10 @@ This package contains the development files for Minimal Ghostscript.
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
diff --git a/ghostscript.changes b/ghostscript.changes
index e2580e3..1317a7a 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul 29 15:20:46 CEST 2015 - jsmeix@suse.de
+
+- CVE-2015-3228.patch fixes out of bound read/write cause
+ by integer overflow in gsmalloc.c (boo#939342).
+
 -------------------------------------------------------------------
 Tue Mar 31 10:18:06 CEST 2015 - jsmeix@suse.de
 
diff --git a/ghostscript.spec b/ghostscript.spec
index 38a3ff8..5c9be58 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -96,6 +96,9 @@ Patch11: ppc64le-support.patch
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101: CVE-2015-3228.patch
 #
 # RPM dependencies:
 # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
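Review bot: In the %prep hunk of ghostscript-mini.spec (`@@ -149,7 +152,10 @@`), the backup suffix in `%patch11 -p1 -b ppc64le-support.orig` lacks the leading dot that `%patch101 -b .CVE-2015-3228.orig` has. Backups of the LCMS2 header would therefore be named like `lcms2.hppc64le-support.orig`; `%patch11 -p1 -b .ppc64le-support.orig` keeps the two consistent. The patch11 change is also unrelated to the CVE fix and is not mentioned in the changes entry. `%patch101` relies on the default strip level, which matches the `--- base/gsmalloc.c` paths in the patch; writing `%patch101 -p0 -b .CVE-2015-3228.orig` would make that explicit. The ghostscript.spec hunk `@@ -286,7 +289,10 @@` has the same lines.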
@@ -286,7 +289,10 @@ This package contains the development files for Ghostscript.
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker: