UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description: interpreter for the PostScript language and for PDF

Latest version: 9.26~dfsg+0-0ubuntu0.14.04.8
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://www.ghostscript.com/

Other versions of "ghostscript" in Trusty

Repository Area Version
base main 9.10~dfsg-0ubuntu10
updates main 9.26~dfsg+0-0ubuntu0.14.04.8

Changelog

Version: 9.26~dfsg+0-0ubuntu0.14.04.8 2019-03-21 18:06:20 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.8) trusty-security; urgency=medium

  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
      gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/gs_res.ps.
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/gs_res.ps.
    - CVE-2019-3838

 -- Marc Deslauriers <email address hidden> Tue, 19 Mar 2019 09:04:25 -0400

CVE-2019-3835 superexec operator is available
CVE-2019-3838 forceput in DefineResource is still accessible

Version: 9.26~dfsg+0-0ubuntu0.14.04.7 2019-02-26 15:07:21 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail,
    second fix attempt. (LP: #1815339)
    - debian/patches/lp1815339.patch: re-enable.
    - debian/patches/lp1815339-2.patch: properly map RGBW color space in
      cups/gdevcups.c.

 -- Marc Deslauriers <email address hidden> Mon, 25 Feb 2019 09:41:28 -0500

1815339 Printer stopped printing paper size 4\

Version: 9.26~dfsg+0-0ubuntu0.14.04.6 2019-02-23 17:06:36 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.6) trusty-security; urgency=medium

  * SECURITY REGRESSION: Ghostscript update causes blue background
    (LP: #1817308)
    - disable debian/patches/lp1815339.patch

 -- Chris Coulson <email address hidden> Sat, 23 Feb 2019 07:01:35 +0100

1817308 GhostScript Update causes Blue Background

Version: 9.26~dfsg+0-0ubuntu0.14.04.5 2019-02-21 16:06:36 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.5) trusty-security; urgency=medium

  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
    (LP: #1815339)
    - debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.
  * debian/symbols.common: add new symbol missing in previous update.

 -- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 11:46:54 +0100

1815339 Printer stopped printing paper size 4\

Version: 9.26~dfsg+0-0ubuntu0.14.04.4 2019-01-23 18:06:49 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
      psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116

 -- Marc Deslauriers <email address hidden> Wed, 16 Jan 2019 10:54:43 -0500

CVE-2019-6116 subroutines within pseudo-operators must themselves be pseudo-operators
