Package "ghostscript"
Name: |
ghostscript
|
Description: |
interpreter for the PostScript language and for PDF
|
Latest version: |
9.26~dfsg+0-0ubuntu0.14.04.8 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://www.ghostscript.com/ |
Links
Download "ghostscript"
Other versions of "ghostscript" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
ghostscript (9.26~dfsg+0-0ubuntu0.14.04.3) trusty-security; urgency=medium
* SECURITY REGRESSION: multiple regressions (LP: #1806517)
- debian/patches/020181126-96c381c*.patch: fix duplex issue.
- debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
-dLastPage issue.
-- Marc Deslauriers <email address hidden> Thu, 06 Dec 2018 07:18:19 -0500
|
Source diff to previous version |
1806517 |
Ghostscript segmentation fault on PDF using -dFirstPage and -dLastPage |
|
ghostscript (9.26~dfsg+0-0ubuntu0.14.04.1) trusty-security; urgency=medium
* SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
- CVE-2018-19409
- CVE-2018-19475
- CVE-2018-19476
- CVE-2018-19477
* Removed patches included in new version:
- debian/patches/0218*.patch
- debian/patches/lp1800062.patch
* debian/symbols.common: updated for new version.
-- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 08:37:17 -0500
|
Source diff to previous version |
CVE-2018-19409 |
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. |
CVE-2018-19475 |
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not |
CVE-2018-19476 |
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusio |
CVE-2018-19477 |
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusi |
|
ghostscript (9.25~dfsg+1-0ubuntu0.14.04.3) trusty; urgency=medium
* Fix dependency for libgs9-common (LP: #1802958)
-- Ioanna Alifieraki <email address hidden> Mon, 12 Nov 2018 18:09:10 +0000
|
Source diff to previous version |
1802958 |
libgs9-common not upgraded when libgs9 upgraded |
|
ghostscript (9.25~dfsg+1-0ubuntu0.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/0218*.patch: multiple cherry-picked upstream commits
to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
these for Debian's 9.25~dfsg-3 package.
- debian/symbols.common: added new symbol.
- CVE-2018-17961
- CVE-2018-18073
- CVE-2018-18284
* Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
- debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
logic in cups/gdevcups.c.
-- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 09:05:40 -0400
|
Source diff to previous version |
1800062 |
Ghostscript command line: /usr/bin/gs :Unrecoverable error: undefined in .putdeviceprops |
CVE-2018-17961 |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this i |
CVE-2018-18073 |
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack |
CVE-2018-18284 |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. |
|
ghostscript (9.25~dfsg+1-0ubuntu0.14.04.1) trusty-security; urgency=medium
* SECURITY UPDATE: updated to 9.25 to fix multiple security issues
- Previous security release contained an incomplete fix for
CVE-2018-16510, and there are many other security fixes and
improvements that went into the new upstream version without getting
CVE numbers assigned.
- CVE-2018-16510
- CVE-2018-17183
* Packages changes required for new version:
- debian/patches/CVE*: removed, included in new version.
- debian/patches/*: updated from cosmic package.
- debian/copyright*: updated from cosmic package.
- debian/rules, debian/libgs-dev.install: remove static library.
- debian/symbols.common: updated for new version.
- debian/rules: use bundled lcms2 as trusty version is too old.
-- Marc Deslauriers <email address hidden> Thu, 27 Sep 2018 09:46:18 -0400
|
CVE-2018-16510 |
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote |
CVE-2018-17183 |
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScr |
|
About
-
Send Feedback to @ubuntu_updates