Package "libgs10"

Name:	libgs10
Description:	interpreter for the PostScript language and for PDF - Library
Latest version:	10.02.1~dfsg1-0ubuntu7.3
Release:	noble (24.04)
Level:	security
Repository:	main
Head package:	ghostscript
Homepage:	https://www.ghostscript.com/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libgs10"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libgs10" in Noble

Repository	Area	Version
base	main	10.02.1~dfsg1-0ubuntu7
updates	main	10.02.1~dfsg1-0ubuntu7.3

Changelog

Version: 10.02.1~dfsg1-0ubuntu7.3 2024-07-15 15:07:37 UTC

ghostscript (10.02.1~dfsg1-0ubuntu7.3) noble-security; urgency=medium * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad Filters to overflow the debug buffer in pdf/pdf_file.c. - CVE-2024-29506 * SECURITY UPDATE: stack-based buffer overflows - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont related params in pdf/pdf_font.c, pdf/pdf_warnings.h. - CVE-2024-29507 * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont name - debian/patches/CVE-2024-29508.patch: review printing of pointers in base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c, base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c, devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c, psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c. - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in optimised build in base/gsicc_cache.c. - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in devices/gdevupd.c. - CVE-2024-29508 * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in pdf/pdf_sec.c. - CVE-2024-29509 * SECURITY UPDATE: directory traversal issue via OCRLanguage - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c, devices/vector/gdevpdfp.c. - debian/patches/CVE-2024-29511-2.patch: original fix was overly aggressive in devices/gdevocr.c, devices/gdevpdfocr.c, devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c. - CVE-2024-29511 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2024 12:07:09 -0400

Source diff to previous version

CVE-2024-29506	Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-29507	Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVE-2024-29508	Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_allo
CVE-2024-29509	Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
CVE-2024-29511	Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing o

Version: 10.02.1~dfsg1-0ubuntu7.1 2024-06-17 20:07:27 UTC

Version: 10.02.1~dfsg1-0ubuntu7.1	2024-06-17 20:07:27 UTC
ghostscript (10.02.1~dfsg1-0ubuntu7.1) noble-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution via uniprint device - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device argument strings after SAFER is activated in gdevupd.c. - CVE-2024-29510 * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly checked path arguments - debian/patches/CVE-2024-33869-part1.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - debian/patches/CVE-2024-33869-part2.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - CVE-2024-33869 * SECURITY UPDATE: Path traversal via improperly checked path arguments - debian/patches/CVE-2024-33870.patch: Add a check for parent directory prefixes when handling relative paths in gpmisc.c. - CVE-2024-33870 * SECURITY UPDATE: Arbitrary code execution via custom driver library - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that specifies the names of dynamic libraries to be loaded by the opvp/oprp device in gdevopvp.c - CVE-2024-33871 -- Chris Kim <email address hidden> Wed, 05 Jun 2024 10:32:38 -0700

ghostscript (10.02.1~dfsg1-0ubuntu7.1) noble-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution via uniprint device - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device argument strings after SAFER is activated in gdevupd.c. - CVE-2024-29510 * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly checked path arguments - debian/patches/CVE-2024-33869-part1.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - debian/patches/CVE-2024-33869-part2.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - CVE-2024-33869 * SECURITY UPDATE: Path traversal via improperly checked path arguments - debian/patches/CVE-2024-33870.patch: Add a check for parent directory prefixes when handling relative paths in gpmisc.c. - CVE-2024-33870 * SECURITY UPDATE: Arbitrary code execution via custom driver library - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that specifies the names of dynamic libraries to be loaded by the opvp/oprp device in gdevopvp.c - CVE-2024-33871 -- Chris Kim <email address hidden> Wed, 05 Jun 2024 10:32:38 -0700

About - Send Feedback to @ubuntu_updates

Package "libgs10"

Links

Download "libgs10"

Other versions of "libgs10" in Noble

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates