Package "ghostscript"
Name: |
ghostscript
|
Description: |
interpreter for the PostScript language and for PDF
|
Latest version: |
10.02.1~dfsg1-0ubuntu7.1 |
Release: |
noble (24.04) |
Level: |
security |
Repository: |
main |
Homepage: |
https://www.ghostscript.com/ |
Links
Download "ghostscript"
Other versions of "ghostscript" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
ghostscript (10.02.1~dfsg1-0ubuntu7.1) noble-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution via uniprint device
- debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
argument strings after SAFER is activated in gdevupd.c.
- CVE-2024-29510
* SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
checked path arguments
- debian/patches/CVE-2024-33869-part1.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- debian/patches/CVE-2024-33869-part2.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- CVE-2024-33869
* SECURITY UPDATE: Path traversal via improperly checked path arguments
- debian/patches/CVE-2024-33870.patch: Add a check for parent directory
prefixes when handling relative paths in gpmisc.c.
- CVE-2024-33870
* SECURITY UPDATE: Arbitrary code execution via custom driver library
- debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
specifies the names of dynamic libraries to be loaded by the opvp/oprp
device in gdevopvp.c
- CVE-2024-33871
-- Chris Kim <email address hidden> Wed, 05 Jun 2024 10:32:38 -0700
|
About
-
Send Feedback to @ubuntu_updates