UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF

Latest version: 9.26~dfsg+0-0ubuntu0.18.10.3
Release: cosmic (18.10)
Level: updates
Repository: main
Homepage: https://www.ghostscript.com/

Links

Save this URL for the latest version of "ghostscript": https://www.ubuntuupdates.org/ghostscript


Download "ghostscript"


Other versions of "ghostscript" in Cosmic

Repository Area Version
base main 9.25~dfsg+1-0ubuntu1
security main 9.26~dfsg+0-0ubuntu0.18.10.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.26~dfsg+0-0ubuntu0.18.10.3 2018-12-06 20:07:11 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.10.3) cosmic-security; urgency=medium

  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
    - debian/patches/020181126-96c381c*.patch: fix duplex issue.
    - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
      -dLastPage issue.

 -- Marc Deslauriers <email address hidden> Thu, 06 Dec 2018 07:14:48 -0500

Source diff to previous version
1806517 Ghostscript segmentation fault on PDF using -dFirstPage and -dLastPage

Version: 9.26~dfsg+0-0ubuntu0.18.10.1 2018-11-29 15:07:21 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.18.10.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
    - CVE-2018-19409
    - CVE-2018-19475
    - CVE-2018-19476
    - CVE-2018-19477
  * Removed patches included in new version:
    - debian/patches/0218*.patch
    - debian/patches/lp1800062.patch
  * debian/libgs9.symbols: updated for new version.

 -- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 07:12:52 -0500

Source diff to previous version
CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not
CVE-2018-19476 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusio
CVE-2018-19477 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusi

Version: 9.25~dfsg+1-0ubuntu1.1 2018-10-30 21:06:24 UTC

  ghostscript (9.25~dfsg+1-0ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0218*.patch: multiple cherry-picked upstream commits
      to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
      these for Debian's 9.25~dfsg-3 package.
    - debian/libgs9.symbols: added new symbol.
    - CVE-2018-17961
    - CVE-2018-18073
    - CVE-2018-18284
  * Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
    - debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
      logic in cups/gdevcups.c.

 -- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 08:38:06 -0400

1800062 Ghostscript command line: /usr/bin/gs :Unrecoverable error: undefined in .putdeviceprops
CVE-2018-17961 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this i
CVE-2018-18073 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack
CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.



About   -   Send Feedback to @ubuntu_updates