Package "libgs-common"
Name: |
libgs-common
|
Description: |
interpreter for the PostScript language and for PDF - ICC profiles
|
Latest version: |
10.01.2~dfsg1-0ubuntu2.3 |
Release: |
mantic (23.10) |
Level: |
security |
Repository: |
main |
Head package: |
ghostscript |
Homepage: |
https://www.ghostscript.com/ |
Links
Download "libgs-common"
Other versions of "libgs-common" in Mantic
Changelog
ghostscript (10.01.2~dfsg1-0ubuntu2.3) mantic-security; urgency=medium
* SECURITY UPDATE: Policy bypass via improperly checked eexec seed
- debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
Type 1 standard when SAFER mode is used in zmisc1.c.
- CVE-2023-52722
* SECURITY UPDATE: Arbitrary code execution via uniprint device
- debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
argument strings after SAFER is activated in gdevupd.c.
- CVE-2024-29510
* SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
checked path arguments
- debian/patches/CVE-2024-33869-part1.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- debian/patches/CVE-2024-33869-part2.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- CVE-2024-33869
* SECURITY UPDATE: Path traversal via improperly checked path arguments
- debian/patches/CVE-2024-33870.patch: Add a check for parent directory
prefixes when handling relative paths in gpmisc.c.
- CVE-2024-33870
* SECURITY UPDATE: Arbitrary code execution via custom driver library
- debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
specifies the names of dynamic libraries to be loaded by the opvp/oprp
device in gdevopvp.c
- CVE-2024-33871
-- Chris Kim <email address hidden> Mon, 03 Jun 2024 14:47:09 -0700
|
Source diff to previous version |
CVE-2023-52722 |
An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 stand |
|
ghostscript (10.01.2~dfsg1-0ubuntu2.2) mantic-security; urgency=medium
* SECURITY UPDATE: DoS via dangling pointer
- debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
seekable output files in base/gdevprn.c, devices/gdevtsep.c.
- CVE-2023-46751
-- Marc Deslauriers <email address hidden> Mon, 11 Dec 2023 14:22:28 -0500
|
Source diff to previous version |
CVE-2023-46751 |
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the |
|
ghostscript (10.01.2~dfsg1-0ubuntu2.1) mantic-security; urgency=medium
* SECURITY UPDATE: code execution via PS documents and IJS device
- debian/patches/CVE-2023-43115.patch: prevent PostScript programs
switching to the IJS device after SAFER has been activated in
devices/gdevijs.c.
- CVE-2023-43115
-- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 08:59:19 -0400
|
CVE-2023-43115 |
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can swi |
|
About
-
Send Feedback to @ubuntu_updates