UbuntuUpdates.org

Package "libgs9"

Name: libgs9

Description:

interpreter for the PostScript language and for PDF - Library

Latest version: 9.55.0~dfsg1-0ubuntu5.10
Release: jammy (22.04)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Links


Download "libgs9"


Other versions of "libgs9" in Jammy

Repository Area Version
base main 9.55.0~dfsg1-0ubuntu5
updates main 9.55.0~dfsg1-0ubuntu5.10

Changelog

Version: 9.55.0~dfsg1-0ubuntu5.4 2023-08-17 14:07:03 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
      deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
    - CVE-2023-38559

 -- Allen Huang <email address hidden> Tue, 15 Aug 2023 11:40:49 +0100

Source diff to previous version
CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a den

Version: 9.55.0~dfsg1-0ubuntu5.3 2023-07-10 15:07:00 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.3) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect permission validation for pipe devices
    - debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
      for permission validation in base/gpmisc.c, base/gslibctx.c.
    - debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
      in base/gpmisc.c, base/gslibctx.c.
    - CVE-2023-36664

 -- Marc Deslauriers <email address hidden> Wed, 05 Jul 2023 12:49:52 -0400

Source diff to previous version
CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Version: 9.55.0~dfsg1-0ubuntu5.2 2023-04-13 21:07:02 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2023-28879.patch: add check to make sure that the
      buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
    - CVE-2023-28879

 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 11:15:40 -0300

Source diff to previous version
CVE-2023-28879 In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in

Version: 9.55.0~dfsg1-0ubuntu5.1 2022-09-27 15:07:05 UTC

  ghostscript (9.55.0~dfsg1-0ubuntu5.1) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference issue
    - debian/patches/CVE-2022-2085.patch: add init_device_procs entry for
      mem_x_device in base/gdevmx.c.
    - CVE-2022-2085

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:05:05 -0400

CVE-2022-2085 A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When alloca



About   -   Send Feedback to @ubuntu_updates