UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF
Latest version: 9.26~dfsg+0-0ubuntu0.18.04.18
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://www.ghostscript.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ghostscript"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ghostscript" in Bionic

Repository Area Version
base main 9.22~dfsg+1-0ubuntu1
updates main 9.26~dfsg+0-0ubuntu0.18.04.18

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.26~dfsg+0-0ubuntu0.18.04.18 2023-04-13 22:07:09 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.18) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 10:09:22 -0300
Source diff to previous version
CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in

Version: 9.26~dfsg+0-0ubuntu0.18.04.17 2022-09-27 15:07:02 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.17) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in lp8000_print_page()
    - debian/patches/CVE-2020-27792.patch: fixed output buffer size worst
      case in devices/gdevlp8k.c.
    - CVE-2020-27792

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:43:27 -0400
Source diff to previous version
CVE-2020-27792 A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a us

Version: 9.26~dfsg+0-0ubuntu0.18.04.16 2022-04-28 20:06:22 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.16) bionic-security; urgency=medium

  * SECURITY UPDATE: old code execution issue
    - debian/patches/CVE-2019-25059-1.patch: undef .completefont in
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps.
    - debian/patches/CVE-2019-25059-2.patch: undef .origdefinefont,
      .origundefinefont, .origfindfont in Resource/Init/gs_init.ps,
      Resource/Init/gs_res.ps.
    - CVE-2019-25059

 -- Marc Deslauriers <email address hidden> Wed, 27 Apr 2022 08:27:55 -0400
Source diff to previous version
CVE-2019-25059 Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.

Version: 9.26~dfsg+0-0ubuntu0.18.04.15 2022-01-12 14:06:24 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.15) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free in sampled_data_sample
    - debian/patches/CVE-2021-45944.patch: check stack limits after
      function evaluation in psi/zfsample.c.
    - CVE-2021-45944
  * SECURITY UPDATE: heap-based buffer overflow in sampled_data_finish
    - debian/patches/CVE-2021-45949.patch: fix op stack management in
      psi/zfsample.c.
    - CVE-2021-45949

 -- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 09:22:40 -0500
Source diff to previous version
CVE-2021-45944 Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2021-45949 Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Version: 9.26~dfsg+0-0ubuntu0.18.04.14 2021-01-07 16:07:12 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.04.14) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in opj_t1_encode_cblks
    - debian/patches/CVE-2018-5727.patch: fix UBSAN signed integer overflow
      in openjpeg/src/lib/openjp2/t1.c.
    - CVE-2018-5727
  * SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-6851.patch: reject images whose
      coordinates are beyond INT_MAX in openjpeg/src/lib/openjp2/j2k.c.
    - CVE-2020-6851
  * SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-8112.patch: avoid integer overflow in
      openjpeg/src/lib/openjp2/tcd.c.
    - CVE-2020-8112
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      openjpeg/src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in openjpeg/src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c, openjpeg/src/lib/openjp2/pi.h,
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c.
    - CVE-2020-27845

 -- Marc Deslauriers <email address hidden> Wed, 06 Jan 2021 12:44:08 -0500
CVE-2018-5727 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage thi
CVE-2020-6851 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimen
CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different
CVE-2020-27824 global-buffer-overflow read in lib-openjp2
CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by t
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg coul
CVE-2020-27843 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encodin
CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conver


About   -   Send Feedback to @ubuntu_updates