You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ghostscript

Sigurnosni nedostaci programskog paketa ghostscript

by - 0

==========================================================================
Ubuntu Security Notice USN-4111-1
August 29, 2019

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Ghostscript could be made to access arbitrary files if it opened a
specially crafted file.

Software Description:
– ghostscript: PostScript and PDF interpreter

Details:

Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript
did not properly restrict privileged calls when ‘-dSAFER’
restrictions were in effect. If a user or automated system were
tricked into processing a specially crafted file, a remote attacker
could possibly use this issue to access arbitrary files.
(CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
ghostscript 9.26~dfsg+0-0ubuntu7.3
libgs9 9.26~dfsg+0-0ubuntu7.3

Ubuntu 18.04 LTS:
ghostscript 9.26~dfsg+0-0ubuntu0.18.04.11
libgs9 9.26~dfsg+0-0ubuntu0.18.04.11

Ubuntu 16.04 LTS:
ghostscript 9.26~dfsg+0-0ubuntu0.16.04.11
libgs9 9.26~dfsg+0-0ubuntu0.16.04.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4111-1
CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu7.3
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.11
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.11

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl1nLf0ACgkQLwmejQBe
gfTaIBAAkcno8u5SgQg+v7OUOAHCbejpOQmdL3GcIRurlFdBnnuC8oMJhexcao0Q
pYsEm8fFl6PtVuf8rQJbDq+5QJJzqS0wnwzUZuhIH9awRG96bdgyiLRFNjIkpoKG
zxsxZs1iOgEd/zAJ4ZAAViyv09zRaiY8NP61KEib1nSoNku30cO5PW9+A689UIC0
6balJGn+ng/xoABLA19NdXza2GS3sFOxFKUd9RMRUaa6g/NzHXqsGPrT8dPJczTo
FxV9OlCUoxO11So2NsRE1aLB/MmKbl/K2P0c8bFyYzLy3d9BYkMXXOalL28y04FV
WWeqKMphCYACalIH7RzalEp7e3p6T6zVIPpFbIGY5gKNMSj0U1N0gPo7Ow/P/DLP
8r8IpJ24lAZ2vGp1AgIQqw+3azNJEghy2sWJIRqVkwglCe3IBqzi2hgrj7KPJXFH
qNMZ02S9Mbyuv94Shn9NvLrnq/Zg+5YU2GzTKJbiQZYJLCaT+ttvIZ1Dh1nWo3xF
idMpRB+u8VMOGhBUBzNiLl13w+QbDFv5G9WI3tmwSLmRF/75mkfJuJ/6fD+kDgAB
53r+a4ZHWyQZ9B7lIaLdjFvSo7Z+8Wb9XcwcscGoqEcv5xeWZYQawI1R619JyBKe
f7MJTx+YHuEbolizwRaHTbgB8iTb6CGmemW1ozbQ44nypTVrMSA=
=5qnI
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ceph

Otkriven je sigurnosni nedostatak u programskom paketu ceph za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close