UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF

Latest version: 9.55.0~dfsg1-0ubuntu5.9
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.ghostscript.com/

Links


Download "ghostscript"


Other versions of "ghostscript" in Jammy

Repository Area Version
base main 9.55.0~dfsg1-0ubuntu5
updates main 9.55.0~dfsg1-0ubuntu5.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.55.0~dfsg1-0ubuntu5.9 2024-07-15 15:07:23 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.9) jammy-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
    - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
      Filters to overflow the debug buffer in pdf/pdf_file.c.
    - CVE-2024-29506
  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508
  * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
    - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
      pdf/pdf_sec.c.
    - CVE-2024-29509
  * SECURITY UPDATE: directory traversal issue via OCRLanguage
    - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
      SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdfp.c.
    - debian/patches/CVE-2024-29511-2.patch: original fix was overly
      aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
    - debian/libgs9.symbols: mark some symbols as optional.
    - CVE-2024-29511

 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2024 12:07:09 -0400

Source diff to previous version
CVE-2024-29506 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-29508 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_allo
CVE-2024-29509 Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
CVE-2024-29511 Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing o

Version: 9.55.0~dfsg1-0ubuntu5.7 2024-06-17 20:07:21 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Policy bypass via improperly checked eexec seed
    - debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
      Type 1 standard when SAFER mode is used in zmisc1.c.
    - CVE-2023-52722
  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
      argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
    checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
      specifies the names of dynamic libraries to be loaded by the opvp/oprp
      device in gdevopvp.c
    - CVE-2024-33871

 -- Chris Kim <email address hidden> Mon, 03 Jun 2024 21:54:57 -0700

Source diff to previous version
CVE-2023-52722 An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 stand

Version: 9.55.0~dfsg1-0ubuntu5.6 2023-12-12 14:12:46 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.6) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via dangling pointer
    - debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
      seekable output files in base/gdevprn.c, devices/gdevtsep.c.
    - CVE-2023-46751

 -- Marc Deslauriers <email address hidden> Mon, 11 Dec 2023 14:25:45 -0500

Source diff to previous version
CVE-2023-46751 An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the

Version: 9.55.0~dfsg1-0ubuntu5.5 2023-10-17 13:06:58 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.5) jammy-security; urgency=medium

  * SECURITY UPDATE: code execution via PS documents and IJS device
    - debian/patches/CVE-2023-43115.patch: prevent PostScript programs
      switching to the IJS device after SAFER has been activated in
      devices/gdevijs.c.
    - CVE-2023-43115

 -- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 09:02:58 -0400

Source diff to previous version
CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi

Version: 9.55.0~dfsg1-0ubuntu5.4 2023-08-17 14:07:03 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
      deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
    - CVE-2023-38559

 -- Allen Huang <email address hidden> Tue, 15 Aug 2023 11:40:49 +0100

CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a den



About   -   Send Feedback to @ubuntu_updates