Package "libgs9-common"
Name: libgs9-common
Description: interpreter for the PostScript language and for PDF - common files
Latest version: 9.05~dfsg-0ubuntu4.5
Release: precise (12.04)
Level: updates
Repository: main
Head package: ghostscript
Homepage: http://www.ghostscript.com/
Changelog
ghostscript (9.05~dfsg-0ubuntu4.5) precise-security; urgency=medium
  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207
 -- Steve Beattie <email address hidden> Thu, 27 Apr 2017 19:05:47 -0700
CVE-2017-8291: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring in a crafted .eps doc
CVE-2016-1021: Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to
CVE-2016-1022: Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to
CVE-2017-5951: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service
CVE-2017-7207: The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer der
ghostscript (9.05~dfsg-0ubuntu4.4) precise-security; urgency=medium
  * SECURITY UPDATE: Information disclosure through getenv, filenameforall
    - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
      honor SAFER
    - CVE-2013-5653
  * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
    - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
    - CVE-2016-7976
  * SECURITY UPDATE: use-after-free and remote code execution
    - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
    - CVE-2016-7978
  * SECURITY UPDATE: type confusion allows remote code execution
    - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
    - CVE-2016-7979
  * SECURITY UPDATE: NULL dereference
    - debian/patches/CVE-2016-8602.patch: check for sufficient params
    - CVE-2016-8602
  * SECURITY UPDATE: fix SAFER permissions
    - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
    - CVE-2016-7977
 -- Emily Ratliff <email address hidden> Thu, 01 Dec 2016 08:37:22 -0600
CVE-2013-5653: Ghostscript information disclosure through getenv, filenameforall
CVE-2016-7976: various userparams allow %pipe% in paths, allowing remote shell command execution
CVE-2016-7978: reference leak in .setdevice allows use-after-free and remote code execution
CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code execution
CVE-2016-8602: type confusion
CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing remote file disclosure
ghostscript (9.05~dfsg-0ubuntu4.3) precise-security; urgency=medium
  * SECURITY UPDATE: integer overflow in gs_heap_alloc_bytes()
    - debian/patches/CVE-2015-3228.patch: added sanity check to
      base/gsmalloc.c.
    - CVE-2015-3228
 -- Marc Deslauriers Wed, 29 Jul 2015 16:05:11 -0400
ghostscript (9.05~dfsg-0ubuntu4.2) precise-proposed; urgency=low
  * debian/patches/020120828-535d11e-disable-checking-for-the-max-pdf-object-number-during-pdf-linearisation.patch:
    Disable checking for the max pdf object number during PDF linearisation,
    because linearisation adds a few new objects to the PDF file (LP: #1032366).
 -- Till Kamppeter <email address hidden> Tue, 28 Aug 2012 21:07:13 +0200
1032366: pdfopt problem caused by change of pdf_base.ps
ghostscript (9.05~dfsg-0ubuntu4.1) precise-proposed; urgency=low
  * debian/patches/020120711-4f6b985-write-transparent-type2-pattern-color-to-clist.patch:
    When using a clist, ensure that all the color space data for the
    pattern gets written to the clist, *and* that the clist correctly
    records all the relevant transparency data (LP: #1022516, upstream bug
    #693176).
 -- Till Kamppeter <email address hidden> Wed, 11 Jul 2012 17:08:13 +0200
1022516: Incorrect color output of the buttons on the webpages (google search web page) when printed from Mozilla firefox 12 and above