UbuntuUpdates.org

Package "libgs9-common"

Name: libgs9-common

Description:

interpreter for the PostScript language and for PDF - common files

Latest version: 9.50~dfsg-5ubuntu4.13
Release: focal (20.04)
Level: updates
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Other versions of "libgs9-common" in Focal

Repository Area Version
base main 9.50~dfsg-5ubuntu4
security main 9.50~dfsg-5ubuntu4.13

Changelog

Version: 9.50~dfsg-5ubuntu4.8 2023-07-10 16:06:58 UTC

  ghostscript (9.50~dfsg-5ubuntu4.8) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect permission validation for pipe devices
    - debian/patches/CVE-2023-36664-pre1.patch: improve handling of current
      directory permissions in base/gpmisc.c.
    - debian/patches/CVE-2023-36664-pre2.patch: fix gp_file allocations to
      use thread_safe_memory in base/gpmisc.c.
    - debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
      for permission validation in base/gpmisc.c, base/gslibctx.c.
    - debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
      in base/gpmisc.c, base/gslibctx.c.
    - CVE-2023-36664

 -- Marc Deslauriers <email address hidden> Wed, 05 Jul 2023 12:56:27 -0400

CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Version: 9.50~dfsg-5ubuntu4.7 2023-04-13 22:07:14 UTC

  ghostscript (9.50~dfsg-5ubuntu4.7) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 10:48:39 -0300

CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in

Version: 9.50~dfsg-5ubuntu4.6 2022-09-27 17:06:20 UTC

  ghostscript (9.50~dfsg-5ubuntu4.6) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in lp8000_print_page()
    - debian/patches/CVE-2020-27792.patch: fixed output buffer size worst
      case in devices/gdevlp8k.c.
    - CVE-2020-27792

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:40:09 -0400

CVE-2020-27792 A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a us

Version: 9.50~dfsg-5ubuntu4.5 2022-01-12 15:07:15 UTC

  ghostscript (9.50~dfsg-5ubuntu4.5) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in sampled_data_sample
    - debian/patches/CVE-2021-45944.patch: check stack limits after
      function evaluation in psi/zfsample.c.
    - CVE-2021-45944
  * SECURITY UPDATE: heap-based buffer overflow in sampled_data_finish
    - debian/patches/CVE-2021-45949.patch: fix op stack management in
      psi/zfsample.c.
    - CVE-2021-45949

 -- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 09:22:11 -0500

CVE-2021-45944 Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2021-45949 Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Version: 9.50~dfsg-5ubuntu4.4 2021-11-25 12:06:19 UTC

  ghostscript (9.50~dfsg-5ubuntu4.4) focal; urgency=medium

  * debian/patches/2021_fix-double-hyphen-option.patch: Fix bug
    where using '--' command line syntax fails to read input files
    (LP: #1913656)

 -- William 'jawn-smith' Wilson <email address hidden> Thu, 14 Oct 2021 15:32:37 -0500

1913656 `gs [options] -- <input_file>` fails with \