==========================================================================
Ubuntu Security Notice USN-3636-1
April 30, 2018
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ghostscript.
Software Description:
– ghostscript: PostScript and PDF interpreter
Details:
It was discovered that Ghostscript incorrectly handled certain
PostScript files. An attacker could possibly use this to cause a denial
of server. (CVE-2016-10317)
It was discovered that Ghostscript incorrectly handled certain PDF
files. An attacker could possibly use this to cause a denial of
service. (CVE-2018-10194)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
ghostscript 9.22~dfsg+1-0ubuntu1.1
libgs9 9.22~dfsg+1-0ubuntu1.1
Ubuntu 17.10:
ghostscript 9.21~dfsg+1-0ubuntu3.1
libgs9 9.21~dfsg+1-0ubuntu3.1
Ubuntu 16.04 LTS:
ghostscript 9.18~dfsg~0-0ubuntu2.8
libgs9 9.18~dfsg~0-0ubuntu2.8
Ubuntu 14.04 LTS:
ghostscript 9.10~dfsg-0ubuntu10.12
libgs9 9.10~dfsg-0ubuntu10.12
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3636-1
CVE-2016-10317, CVE-2018-10194
Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/9.22~dfsg+1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/ghostscript/9.21~dfsg+1-0ubuntu3.1
https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.8
https://launchpad.net/ubuntu/+source/ghostscript/9.10~dfsg-0ubuntu10.12—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJa51jTAAoJEEW851uECx9pHh4P/1zUdj8BGvN+9bJs/DVWRiPv
k/pVDusZ2uBe8zXdncSxDPuM2ER2Dp0EbUBkchTKRCIqPCaogjqWNCNNcODtyU9Q
L9MVy9a62I1xcYUqXQRfy6TgyxqJKEMT0xiloLxWIkFXct0H7W3+Nh6W7oZAIjRQ
8WBKkYv/aQfmkxYEJtd3vFwwsxGvOHl5e3GP94rvACz2K8U+8+Pj4HLINHz0tyBp
Jna5MRLCX/T6ttcSkTqLqA7xYkETS/aM1PJnnnrAtfhVJSPdkJKsYi3FB4cYtnDp
NaQSvzGwLavXXHEDNKN79IFDmTIh1XyZ4Bf7DfJ1cAPHHKhA/d/O8ktyks7SaYna
IRWBu2/POIkWAPJhNGBoPeMnGNshbcAfsqTy1CwjXdcTUxJH+CdaqAIU3WlRbsYZ
I2grcIFXYcecjOG0h0X/3EG/8vBxZx8YyAUs8eSo/SaOgeEeRBG5l9HzIExq2y0/
X5U21qC9ZByqiuwNcDY1/kzvkwOxPXWNZDwygHVXOBTNIYS05ZX8aoaaXGicK1Uj
DmVo8MxQOL/Xb/XSnBBy5BBljeGlJHjH3WijXNtMh4nSgmXGA8+sPk4l6hFEnDCu
DnSNdWUdTtm2ArsQyMvyAHmuo57KhjUeiS1KvKnzqoszGxe7q7l+5S+AQowgGbyy
8bJI6x2rq/RGUuVElH8v
=ISGY
—–END PGP SIGNATURE—–
—