UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF
Latest version: 9.26~dfsg+0-0ubuntu0.14.04.8
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.ghostscript.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ghostscript"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ghostscript" in Trusty

Repository Area Version
base main 9.10~dfsg-0ubuntu10
security main 9.26~dfsg+0-0ubuntu0.14.04.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.26~dfsg+0-0ubuntu0.14.04.3 2018-12-06 20:07:02 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
    - debian/patches/020181126-96c381c*.patch: fix duplex issue.
    - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
      -dLastPage issue.

 -- Marc Deslauriers <email address hidden> Thu, 06 Dec 2018 07:18:19 -0500
Source diff to previous version
1806517 Ghostscript segmentation fault on PDF using -dFirstPage and -dLastPage

Version: 9.26~dfsg+0-0ubuntu0.14.04.1 2018-11-29 15:07:13 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
    - CVE-2018-19409
    - CVE-2018-19475
    - CVE-2018-19476
    - CVE-2018-19477
  * Removed patches included in new version:
    - debian/patches/0218*.patch
    - debian/patches/lp1800062.patch
  * debian/symbols.common: updated for new version.

 -- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 08:37:17 -0500
Source diff to previous version
CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not
CVE-2018-19476 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusio
CVE-2018-19477 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusi

Version: 9.25~dfsg+1-0ubuntu0.14.04.3 2018-11-22 18:06:54 UTC

  ghostscript (9.25~dfsg+1-0ubuntu0.14.04.3) trusty; urgency=medium

  * Fix dependency for libgs9-common (LP: #1802958)

 -- Ioanna Alifieraki <email address hidden> Mon, 12 Nov 2018 18:09:10 +0000
Source diff to previous version
1802958 libgs9-common not upgraded when libgs9 upgraded

Version: 9.25~dfsg+1-0ubuntu0.14.04.2 2018-10-30 21:06:15 UTC

  ghostscript (9.25~dfsg+1-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0218*.patch: multiple cherry-picked upstream commits
      to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
      these for Debian's 9.25~dfsg-3 package.
    - debian/symbols.common: added new symbol.
    - CVE-2018-17961
    - CVE-2018-18073
    - CVE-2018-18284
  * Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
    - debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
      logic in cups/gdevcups.c.

 -- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 09:05:40 -0400
Source diff to previous version
1800062 Ghostscript command line: /usr/bin/gs :Unrecoverable error: undefined in .putdeviceprops
CVE-2018-17961 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this i
CVE-2018-18073 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack
CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

Version: 9.25~dfsg+1-0ubuntu0.14.04.1 2018-10-01 14:06:41 UTC

  ghostscript (9.25~dfsg+1-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: updated to 9.25 to fix multiple security issues
    - Previous security release contained an incomplete fix for
      CVE-2018-16510, and there are many other security fixes and
      improvements that went into the new upstream version without getting
      CVE numbers assigned.
    - CVE-2018-16510
    - CVE-2018-17183
  * Packages changes required for new version:
    - debian/patches/CVE*: removed, included in new version.
    - debian/patches/*: updated from cosmic package.
    - debian/copyright*: updated from cosmic package.
    - debian/rules, debian/libgs-dev.install: remove static library.
    - debian/symbols.common: updated for new version.
    - debian/rules: use bundled lcms2 as trusty version is too old.

 -- Marc Deslauriers <email address hidden> Thu, 27 Sep 2018 09:46:18 -0400
CVE-2018-16510 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote
CVE-2018-17183 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScr


About   -   Send Feedback to @ubuntu_updates