Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6017-1

Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#pdf

==========================================================================
Ubuntu Security Notice USN-6017-1
April 13, 2023

ghostscript vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM

Summary:

Ghostscript could be made to crash or run programs as your login if it
received a specially crafted input.

Software Description:

  • ghostscript: PostScript and PDF interpreter

Details:

Hadrien Perrineau discovered that Ghostscript incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
ghostscript 9.56.1~dfsg1-0ubuntu3.1
libgs9 9.56.1~dfsg1-0ubuntu3.1

Ubuntu 22.04 LTS:
ghostscript 9.55.0~dfsg1-0ubuntu5.2
libgs9 9.55.0~dfsg1-0ubuntu5.2

Ubuntu 20.04 LTS:
ghostscript 9.50~dfsg-5ubuntu4.7
libgs9 9.50~dfsg-5ubuntu4.7

Ubuntu 18.04 LTS:
ghostscript 9.26~dfsg+0-0ubuntu0.18.04.18
libgs9 9.26~dfsg+0-0ubuntu0.18.04.18

Ubuntu 16.04 ESM:
ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14+esm5
libgs9 9.26~dfsg+0-0ubuntu0.16.04.14+esm5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6017-1
CVE-2023-28879

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/9.56.1~dfsg1-0ubuntu3.1
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.2
https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.7

https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.18

Related news

CVE-2023-46751: Ghostscript

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

Gentoo Linux Security Advisory 202309-03

Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.

Ubuntu Security Notice USN-6017-2

Ubuntu Security Notice 6017-2 - USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

Debian Security Advisory 5383-1

Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).

CVE-2023-28879: Invalid Bug ID

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution