Bug 1131863

Summary: VUL-0: ghostscript: 9.27 release
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: aloisio, jsmeix, me, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-04-08 14:11:42 UTC 
artifex just released 9.27

https://www.ghostscript.com/Ghostscript_9.27.html

Version 9.27 (2019-04-04)

IMPORTANT: It is our intention, within the next 12 months (ideally sooner, in time for the next release) to make SAFER the default mode of operation. For many users this will have no effect, since they use SAFER explicitly, but some niche uses which rely on SAFER being disabled may need to start explicitly adding the "-dNOSAFER" option.

Highlights in this release include:

    We have extensively cleaned up the Postscript name space: removing access to internal and/or undocumented Postscript operators, procedures and data. This has benefits for security and maintainability.

    We have added a new "product": "gpdl". This is a rethink/redesign of the old "language_switch" product (pspcl6), and includes all the interpreters we develop based on the Ghostscript graphics library: Postscript, PDF, PCL6, PXL and XPS. This is experimental, and should be considered of beta testing quality, and thus is not built by default: it can be built by using the "experimental" target.

    gpdl uses a heuristic to judge the file type being passed to it. In general, it supports most of the widely used command line options for each interpreter, but compatibility is not complete (the practicalities of swapping interpreters means it is unlikely that full parity of command line options will be possible).

    Fontmap can now reference invidual fonts in a TrueType Collection for font subsitution. Previously, a Fontmap entry could only reference a TrueType collection and use the default (first) font. Now, the Fontmap syntax allows for specifying a specific index in a TTC. See the comments at the top of (the default) Fontmap.GS for details.

    IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

    The usual round of bug fixes, compatibility changes, and incremental improvements.

For a list of open issues, or to report problems, please visit bugs.ghostscript.com.
Incompatible changes

    The process of "tidying" the Postscript name space should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working, or may change behaviour.

    If you encounter such a case, please contact us (either the #ghostscript IRC channel, or the gs-devel mailing list would be best), and we'll work with you to either find an alternative solution.

    One case we know this has occurred is GSView 5 (and earlier). GSView 5 support for PDF files relied upon internal use only features which are no longer available. GSView 5 will still work as previously for Postscript files. For PDF files, users are encouraged to look at MuPDF.

Changelog

See the history file for complete log of changes.
Comment 1 Johannes Meixner 2019-04-09 08:00:48 UTC 
Ghostscript 9.27 is in the OBS "Printing" project since Friday 05 April 2019
but it caused regressions in cups-filters < v1.22.5 see bug #1131771
in particular see https://bugzilla.suse.com/show_bug.cgi?id=1131771#c1
and follow the links therein.

In cups-filters < v1.22.5 foomatic-rip fails with Ghostscript 9.27
because the function pdf_count_pages calls the Ghostscript
internal "pdfdict" operator but since Ghostscript 9.27
internal and/or undocumented Postscript operators were removed.

Since yesterday cups-filters 1.22.5 is in the OBS "Printing" project,

As usual I keep changed packages in the OBS Printing project
for the default time without immediately forwarding changes
to openSUSE_Factory --> openSUSE_Tumbleweed
so that users of the OBS Printing project can test it, cf.
https://bugzilla.suse.com/show_bug.cgi?id=1128467#c6

Currently Ghostscript 9.27 cannot be in openSUSE Leap 15.0/15.1
because Ghostscript 9.27 requires cups-filters >= 1.22.5
and since version 1.21.1 cups-filters requires QPDF >= 8.1.0
but openSUSE Leap 15.0/15.1 does not provide QPDF >= 8.1.0,
see https://bugzilla.suse.com/show_bug.cgi?id=1131771#c2
Comment 2 Johannes Meixner 2019-04-17 13:20:49 UTC 
Submitted cups-filters 1.22.5 to openSUSE:Factory:
--------------------------------------------------------------------------
$ osc submitrequest -m 'cups-filters version upgrade to 1.22.5 \
 (boo#1131771) which is a precondition for the Ghostscript security \
 version upgrade to 9.27 (boo#1131863)' \
 Printing cups-filters openSUSE:Factory cups-filters

created request id 695170
--------------------------------------------------------------------------
Comment 3 Swamp Workflow Management 2019-04-17 13:50:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1131863) was mentioned in
https://build.opensuse.org/request/show/695170 Factory / cups-filters
Comment 4 Johannes Meixner 2019-05-06 08:07:35 UTC 
Submitted Ghostscript 9.27 to openSUSE:Factory:
-----------------------------------------------------------------------------
$ osc submitrequest -m 'Ghostscript version upgrade to 9.27 (bsc#1131863)' \
 Printing ghostscript openSUSE:Factory ghostscript

created request id 700982
-----------------------------------------------------------------------------
Comment 5 Swamp Workflow Management 2019-05-06 08:40:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1131863) was mentioned in
https://build.opensuse.org/request/show/700982 Factory / ghostscript
Comment 6 Swamp Workflow Management 2019-09-26 16:17:34 UTC 
SUSE-SU-2019:2478-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1129180,1131863,1134156,1140359,1146882,1146884
CVE References: CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    ghostscript-9.27-23.28.1
SUSE OpenStack Cloud 8 (src):    ghostscript-9.27-23.28.1
SUSE OpenStack Cloud 7 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP5 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP4 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Desktop 12-SP5 (src):    ghostscript-9.27-23.28.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    ghostscript-9.27-23.28.1
SUSE Enterprise Storage 5 (src):    ghostscript-9.27-23.28.1
SUSE Enterprise Storage 4 (src):    ghostscript-9.27-23.28.1
HPE Helion Openstack 8 (src):    ghostscript-9.27-23.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Martin Winter 2019-10-01 16:13:06 UTC 
As ghostscript 9.27 is now rolled-out on Leap 15.1, but cups-filters is still on 1.20.3, printing is broken as already foreseen in comment #1. An update of cups-filters is now absolutely necessary for Leap 15.1.

See error_log snippet below:

D [30/Sep/2019:20:56:05 +0200] [Job 586] GPL Ghostscript 9.27: Unrecoverable error, exit code 1
D [30/Sep/2019:20:56:05 +0200] [Job 586] Process is dying with \"Unable to determine number of pages, page count: -1
D [30/Sep/2019:20:56:05 +0200] [Job 586] \", exit stat 3
D [30/Sep/2019:20:56:05 +0200] [Job 586] Cleaning up...
D [30/Sep/2019:20:56:05 +0200] [Job 586] PID 2950 (/usr/lib/cups/filter/foomatic-rip) stopped with status 3.
Comment 9 Marcus Meissner 2020-01-28 07:31:27 UTC 
released