UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF

Latest version: 9.50~dfsg-5ubuntu4.11
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.ghostscript.com/

Links


Download "ghostscript"


Other versions of "ghostscript" in Focal

Repository Area Version
base main 9.50~dfsg-5ubuntu4
security main 9.50~dfsg-5ubuntu4.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.50~dfsg-5ubuntu4.11 2023-10-17 14:06:57 UTC

  ghostscript (9.50~dfsg-5ubuntu4.11) focal-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 09:06:46 -0400

Source diff to previous version
CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi

Version: 9.50~dfsg-5ubuntu4.10 2023-09-13 15:09:14 UTC

  ghostscript (9.50~dfsg-5ubuntu4.10) focal-security; urgency=medium

  * SECURITY UPDATE: Divide By Zero
    - debian/patches/CVE-2020-21710-1.patch: add a zero check for
      bytes_per_space before using it for division in eps_print_page() in
      devices/gdevepsn.c.
    - debian/patches/CVE-2020-21710-2.patch: add a zero check for
      bytes_per_space before using it for division in epsc_print_page() in
      devices/gdevepsc.c
    - CVE-2020-21710
  * SECURITY UPDATE: Out-of-Bounds Write
    - debian/patches/CVE-2020-21890-pre.patch: add the float res assignment
      in clj_get_params() in devices/gdevclj.c.
    - debian/patches/CVE-2020-21890.patch: change the variable for division
      to use res instead of fres.data that could be uninitialized, in
      clj_media_size() in devices/gdevclj.c.
    - CVE-2020-21890

 -- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 12 Sep 2023 11:40:34 -0300

Source diff to previous version
CVE-2020-21710 A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of s
CVE-2020-21890 Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial o

Version: 9.50~dfsg-5ubuntu4.9 2023-08-17 15:06:52 UTC

  ghostscript (9.50~dfsg-5ubuntu4.9) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
      deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
    - CVE-2023-38559

 -- Allen Huang <email address hidden> Tue, 15 Aug 2023 11:17:37 +0100

Source diff to previous version
CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a den

Version: 9.50~dfsg-5ubuntu4.8 2023-07-10 16:06:58 UTC

  ghostscript (9.50~dfsg-5ubuntu4.8) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect permission validation for pipe devices
    - debian/patches/CVE-2023-36664-pre1.patch: improve handling of current
      directory permissions in base/gpmisc.c.
    - debian/patches/CVE-2023-36664-pre2.patch: fix gp_file allocations to
      use thread_safe_memory in base/gpmisc.c.
    - debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
      for permission validation in base/gpmisc.c, base/gslibctx.c.
    - debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
      in base/gpmisc.c, base/gslibctx.c.
    - CVE-2023-36664

 -- Marc Deslauriers <email address hidden> Wed, 05 Jul 2023 12:56:27 -0400

Source diff to previous version
CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Version: 9.50~dfsg-5ubuntu4.7 2023-04-13 22:07:14 UTC

  ghostscript (9.50~dfsg-5ubuntu4.7) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 10:48:39 -0300

CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in



About   -   Send Feedback to @ubuntu_updates