Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6213-1

Ubuntu Security Notice 6213-1 - It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#pdf

==========================================================================
Ubuntu Security Notice USN-6213-1
July 10, 2023

ghostscript vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.04
  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

Ghostscript could be made to run programs if it opened a specially crafted
file.

Software Description:

  • ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled pipe devices. If a
user or automated system were tricked into opening a specially crafted PDF
file, a remote attacker could use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
ghostscript 10.0.0~dfsg1-0ubuntu1.2

Ubuntu 22.10:
ghostscript 9.56.1~dfsg1-0ubuntu3.2

Ubuntu 22.04 LTS:
ghostscript 9.55.0~dfsg1-0ubuntu5.3

Ubuntu 20.04 LTS:
ghostscript 9.50~dfsg-5ubuntu4.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6213-1
CVE-2023-36664

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ghostscript/9.56.1~dfsg1-0ubuntu3.2
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.3
https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.8

Related news

CVE-2023-46751: Ghostscript

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

Gentoo Linux Security Advisory 202309-03

Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would have

Debian Security Advisory 5446-1

Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.

CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution