UbuntuUpdates.org

Package "ghostscript-dbg"

Name: ghostscript-dbg

Description:

interpreter for the PostScript language and for PDF - Debug symbols

Latest version: 9.50~dfsg-5ubuntu4.11
Release: focal (20.04)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/



Other versions of "ghostscript-dbg" in Focal

Repository  Area  Version
base        main  9.50~dfsg-5ubuntu4
updates     main  9.50~dfsg-5ubuntu4.11

Changelog

Version: 9.50~dfsg-5ubuntu4.6 2022-09-27 15:07:04 UTC

  ghostscript (9.50~dfsg-5ubuntu4.6) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in lp8000_print_page()
    - debian/patches/CVE-2020-27792.patch: fixed output buffer size worst
      case in devices/gdevlp8k.c.
    - CVE-2020-27792

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:40:09 -0400

CVE-2020-27792 A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a us

Version: 9.50~dfsg-5ubuntu4.5 2022-01-12 14:06:27 UTC

  ghostscript (9.50~dfsg-5ubuntu4.5) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in sampled_data_sample
    - debian/patches/CVE-2021-45944.patch: check stack limits after
      function evaluation in psi/zfsample.c.
    - CVE-2021-45944
  * SECURITY UPDATE: heap-based buffer overflow in sampled_data_finish
    - debian/patches/CVE-2021-45949.patch: fix op stack management in
      psi/zfsample.c.
    - CVE-2021-45949

 -- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 09:22:11 -0500

CVE-2021-45944 Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2021-45949 Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Version: 9.50~dfsg-5ubuntu4.3 2021-09-10 14:06:21 UTC

  ghostscript (9.50~dfsg-5ubuntu4.3) focal-security; urgency=medium

  * SECURITY UPDATE: Trivial -dSAFER bypass
    - debian/patches/CVE-2021-3781-pre1.patch: handle format strings in
      pipe OutputFiles in base/gslibctx.c.
    - debian/patches/CVE-2021-3781-pre2.patch: fix pdfwrite "%d" mode with
      file permissions in base/gsdevice.c, base/gslibctx.c.
    - debian/patches/CVE-2021-3781-pre3.patch: move "break" to correct
      place in base/gslibctx.c.
    - debian/patches/CVE-2021-3781.patch: include device specifier strings
      in access validation in base/gdevpipe.c, base/gp_mshdl.c,
      base/gp_msprn.c, base/gp_os2pr.c, base/gslibctx.c.
    - CVE-2021-3781

 -- Marc Deslauriers <email address hidden> Thu, 09 Sep 2021 09:34:31 -0400

CVE-2021-3781 Include device specifier strings in access validation

Version: 9.50~dfsg-5ubuntu4.2 2020-08-24 14:06:24 UTC

  ghostscript (9.50~dfsg-5ubuntu4.2) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2020-16*.patch: backport multiple upstream commits
      to fix various security issues.
    - CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290,
      CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294,
      CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298,
      CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302,
      CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306,
      CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310,
      CVE-2020-17538

 -- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 12:57:00 -0400

CVE-2020-16287 A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to caus
CVE-2020-16288 A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cau
CVE-2020-16289 A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a de
CVE-2020-16290 A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to caus
CVE-2020-16291 A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via
CVE-2020-16292 A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16293 A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostS
CVE-2020-16294 A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a
CVE-2020-16295 A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to c
CVE-2020-16296 A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16297 A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to
CVE-2020-16298 A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to
CVE-2020-16299 A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker t
CVE-2020-16300 A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16301 A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16302 A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to esca
CVE-2020-16303 A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker
CVE-2020-16304 A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to e
CVE-2020-16305 A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16306 A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of se
CVE-2020-16307 A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker
CVE-2020-16308 A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a den
CVE-2020-16309 A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16310 A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-17538 A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cau

Version: 9.50~dfsg-5ubuntu4.1 2020-08-03 14:06:43 UTC

  ghostscript (9.50~dfsg-5ubuntu4.1) focal-security; urgency=medium

  * SECURITY UPDATE: memory corruption issue via non-standard PS operator
    - debian/patches/CVE-2020-15900.patch: fix calculation in
      psi/zstring.c.
    - CVE-2020-15900

 -- Marc Deslauriers <email address hidden> Fri, 31 Jul 2020 14:14:30 -0400

CVE-2020-15900 A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file acce


