UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • transitional package for libgs-common

Latest version: 10.01.2~dfsg1-0ubuntu2.3
Release: mantic (23.10)
Level: security
Repository: universe

Links



Other versions of "ghostscript" in Mantic

Repository Area Version
base universe 10.01.2~dfsg1-0ubuntu2
base main 10.01.2~dfsg1-0ubuntu2
security main 10.01.2~dfsg1-0ubuntu2.3
updates main 10.01.2~dfsg1-0ubuntu2.3
updates universe 10.01.2~dfsg1-0ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.01.2~dfsg1-0ubuntu2.3 2024-06-17 20:07:26 UTC

  ghostscript (10.01.2~dfsg1-0ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE: Policy bypass via improperly checked eexec seed
    - debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
      Type 1 standard when SAFER mode is used in zmisc1.c.
    - CVE-2023-52722
  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
      argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
    checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
      specifies the names of dynamic libraries to be loaded by the opvp/oprp
      device in gdevopvp.c
    - CVE-2024-33871

 -- Chris Kim <email address hidden> Mon, 03 Jun 2024 14:47:09 -0700

Source diff to previous version
CVE-2023-52722 An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 stand

Version: 10.01.2~dfsg1-0ubuntu2.2 2023-12-12 14:12:48 UTC

  ghostscript (10.01.2~dfsg1-0ubuntu2.2) mantic-security; urgency=medium

  * SECURITY UPDATE: DoS via dangling pointer
    - debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
      seekable output files in base/gdevprn.c, devices/gdevtsep.c.
    - CVE-2023-46751

 -- Marc Deslauriers <email address hidden> Mon, 11 Dec 2023 14:22:28 -0500

Source diff to previous version
CVE-2023-46751 An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the

Version: 10.01.2~dfsg1-0ubuntu2.1 2023-10-17 13:07:02 UTC

  ghostscript (10.01.2~dfsg1-0ubuntu2.1) mantic-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 08:59:19 -0400

CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi



About   -   Send Feedback to @ubuntu_updates