UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF
Latest version: 10.0.0~dfsg1-0ubuntu1.5
Release: lunar (23.04)
Level: security
Repository: main
Homepage: https://www.ghostscript.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ghostscript"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ghostscript" in Lunar

Repository Area Version
base main 10.0.0~dfsg1-0ubuntu1
base universe 10.0.0~dfsg1-0ubuntu1
security universe 10.0.0~dfsg1-0ubuntu1.5
updates main 10.0.0~dfsg1-0ubuntu1.5
updates universe 10.0.0~dfsg1-0ubuntu1.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.0.0~dfsg1-0ubuntu1.5 2023-12-12 14:12:47 UTC

  ghostscript (10.0.0~dfsg1-0ubuntu1.5) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS via dangling pointer
    - debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
      seekable output files in base/gdevprn.c, devices/gdevtsep.c.
    - CVE-2023-46751

 -- Marc Deslauriers <email address hidden> Mon, 11 Dec 2023 14:25:02 -0500
Source diff to previous version
CVE-2023-46751 An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the

Version: 10.0.0~dfsg1-0ubuntu1.4 2023-10-17 13:06:58 UTC

  ghostscript (10.0.0~dfsg1-0ubuntu1.4) lunar-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 09:02:25 -0400
Source diff to previous version
CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi

Version: 10.0.0~dfsg1-0ubuntu1.3 2023-08-17 14:07:05 UTC

  ghostscript (10.0.0~dfsg1-0ubuntu1.3) lunar-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
      deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
    - CVE-2023-38559

 -- Allen Huang <email address hidden> Tue, 15 Aug 2023 11:25:30 +0100
Source diff to previous version
CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a den

Version: 10.0.0~dfsg1-0ubuntu1.2 2023-07-10 15:07:03 UTC

  ghostscript (10.0.0~dfsg1-0ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: incorrect permission validation for pipe devices
    - debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
      for permission validation in base/gpmisc.c, base/gslibctx.c.
    - debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
      in base/gpmisc.c, base/gslibctx.c.
    - CVE-2023-36664

 -- Marc Deslauriers <email address hidden> Wed, 05 Jul 2023 12:45:07 -0400
Source diff to previous version
CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Version: 10.0.0~dfsg1-0ubuntu1.1 2023-04-26 19:07:41 UTC

  ghostscript (10.0.0~dfsg1-0ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
    - debian/patches/CVE-2023-28879-post.patch: add PostScript filters
      removals in Resource/Init/gs_init.ps.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 25 Apr 2023 16:29:39 -0300
CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in


About   -   Send Feedback to @ubuntu_updates