UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description: interpreter for the PostScript language and for PDF

Latest version: 9.26~dfsg+0-0ubuntu0.18.04.3
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://www.ghostscript.com/

Other versions of "ghostscript" in Bionic

Repository  Area  Version
base        main  9.22~dfsg+1-0ubuntu1
updates     main  9.26~dfsg+0-0ubuntu0.18.04.3

Changelog

Version: 9.26~dfsg+0-0ubuntu0.18.04.3 2018-12-06 20:07:08 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
    - debian/patches/020181126-96c381c*.patch: fix duplex issue.
    - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
      -dLastPage issue.

 -- Marc Deslauriers <email address hidden> Thu, 06 Dec 2018 07:17:16 -0500

1806517 Ghostscript segmentation fault on PDF using -dFirstPage and -dLastPage

Version: 9.26~dfsg+0-0ubuntu0.18.04.1 2018-11-29 14:07:14 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
    - CVE-2018-19409
    - CVE-2018-19475
    - CVE-2018-19476
    - CVE-2018-19477
  * Removed patches included in new version:
    - debian/patches/0218*.patch
    - debian/patches/lp1800062.patch
  * debian/libgs9.symbols: updated for new version.
  * debian/libgs__VER__-common.maintscript.in: Updated to new version. This
    needs to be done every time the xenial package is updated to a new
    upstream release.

 -- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 08:15:24 -0500

CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not
CVE-2018-19476 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusio
CVE-2018-19477 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusi

Version: 9.25~dfsg+1-0ubuntu0.18.04.2 2018-10-30 18:06:22 UTC

  ghostscript (9.25~dfsg+1-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0218*.patch: multiple cherry-picked upstream commits
      to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
      these for Debian's 9.25~dfsg-3 package.
    - debian/libgs9.symbols: added new symbol.
    - CVE-2018-17961
    - CVE-2018-18073
    - CVE-2018-18284
  * Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
    - debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
      logic in cups/gdevcups.c.
  * Fix iccprofiles directory to symlink issue (LP: #1800328)
    - debian/libgs__VER__-common.maintscript.in: make sure directory is
      correctly transitioned to a symlink.

 -- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 09:00:57 -0400

1800062 Ghostscript command line: /usr/bin/gs :Unrecoverable error: undefined in .putdeviceprops
1800328 HP Office Jet Cups reports Filter Failed. Works OK with 16.04
CVE-2018-17961 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this i
CVE-2018-18073 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack
CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

Version: 9.25~dfsg+1-0ubuntu0.18.04.1 2018-10-01 13:07:11 UTC

  ghostscript (9.25~dfsg+1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: updated to 9.25 to fix multiple security issues
    - Previous security release contained an incomplete fix for
      CVE-2018-16510, and there are many other security fixes and
      improvements that went into the new upstream version without getting
      CVE numbers assigned.
    - CVE-2018-16510
    - CVE-2018-17183
  * Packages changes required for new version:
    - debian/patches/CVE*: removed, included in new version.
    - debian/patches/*: refreshed from cosmic package.
    - debian/copyright*: updated from cosmic package.
    - debian/libgs9.symbols: updated with new symbols.

 -- Marc Deslauriers <email address hidden> Thu, 27 Sep 2018 07:27:17 -0400

CVE-2018-16510 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote
CVE-2018-17183 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScr

Version: 9.22~dfsg+1-0ubuntu1.2 2018-09-19 08:06:23 UTC

  ghostscript (9.22~dfsg+1-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2018-1*.patch: backport large number of
      upstream security fixes.
    - CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911,
      CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513,
      CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542,
      CVE-2018-16543, CVE-2018-16802

 -- Marc Deslauriers <email address hidden> Tue, 11 Sep 2018 08:49:14 -0400

CVE-2018-15908 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write fil
CVE-2018-15909 In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScri
CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter
CVE-2018-15911 In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode ope
CVE-2018-16509 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exception
CVE-2018-16510 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote
CVE-2018-16511 An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted Post
CVE-2018-16513 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash th
CVE-2018-16539 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to di
CVE-2018-16540 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in co
CVE-2018-16541 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to cra
CVE-2018-16542 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during e
CVE-2018-16543 In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
CVE-2018-16802 An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception


