UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF

Latest version: 9.50~dfsg-5ubuntu4.14
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://www.ghostscript.com/

Links


Download "ghostscript"


Other versions of "ghostscript" in Focal

Repository Area Version
base main 9.50~dfsg-5ubuntu4
updates main 9.50~dfsg-5ubuntu4.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.50~dfsg-5ubuntu4.14 2024-11-12 19:07:06 UTC

  ghostscript (9.50~dfsg-5ubuntu4.14) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 12:42:45 -0500

Source diff to previous version
CVE-2024-46951 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead
CVE-2024-46953 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th
CVE-2024-46955 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa
CVE-2024-46956 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code

Version: 9.50~dfsg-5ubuntu4.13 2024-07-15 15:07:15 UTC

  ghostscript (9.50~dfsg-5ubuntu4.13) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508

 -- Marc Deslauriers <email address hidden> Wed, 10 Jul 2024 09:40:58 -0400

Source diff to previous version
CVE-2024-29508 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_allo

Version: 9.50~dfsg-5ubuntu4.12 2024-06-17 20:07:17 UTC

  ghostscript (9.50~dfsg-5ubuntu4.12) focal-security; urgency=medium

  * SECURITY UPDATE: Policy bypass via improperly checked eexec seed
    - debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
      Type 1 standard when SAFER mode is used in zmisc1.c.
    - CVE-2023-52722
  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
      argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
    checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
      specifies the names of dynamic libraries to be loaded by the opvp/oprp
      device in gdevopvp.c
    - CVE-2024-33871

 -- Chris Kim <email address hidden> Tue, 04 Jun 2024 08:30:59 -0700

Source diff to previous version
CVE-2023-52722 An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 stand

Version: 9.50~dfsg-5ubuntu4.11 2023-10-17 13:06:55 UTC

  ghostscript (9.50~dfsg-5ubuntu4.11) focal-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 09:06:46 -0400

Source diff to previous version
CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi

Version: 9.50~dfsg-5ubuntu4.10 2023-09-13 14:08:45 UTC

  ghostscript (9.50~dfsg-5ubuntu4.10) focal-security; urgency=medium

  * SECURITY UPDATE: Divide By Zero
    - debian/patches/CVE-2020-21710-1.patch: add a zero check for
      bytes_per_space before using it for division in eps_print_page() in
      devices/gdevepsn.c.
    - debian/patches/CVE-2020-21710-2.patch: add a zero check for
      bytes_per_space before using it for division in epsc_print_page() in
      devices/gdevepsc.c
    - CVE-2020-21710
  * SECURITY UPDATE: Out-of-Bounds Write
    - debian/patches/CVE-2020-21890-pre.patch: add the float res assignment
      in clj_get_params() in devices/gdevclj.c.
    - debian/patches/CVE-2020-21890.patch: change the variable for division
      to use res instead of fres.data that could be uninitialized, in
      clj_media_size() in devices/gdevclj.c.
    - CVE-2020-21890

 -- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 12 Sep 2023 11:40:34 -0300

CVE-2020-21710 A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of s
CVE-2020-21890 Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial o



About   -   Send Feedback to @ubuntu_updates