Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu: 3866-1 Critical: ghostscript Denial Of Service Risk

ubuntu
Calendar Grey January 23, 2019
Dist Ubuntu Esm H88
A security flaw in Ghostscript on Ubuntu may enable unauthorized file access or permit the execution of remote code. It is crucial to upgrade to the suggested package releases.
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

Summary

Ghostscript could be made to crash, access files, or run programs if it

opened a specially crafted file.

Software Description:

- ghostscript: PostScript and PDF interpreter

Details:

Tavis Ormandy discovered that Ghostscript incorrectly handled certain

PostScript files. If a user or automated system were tricked into

processing a specially crafted file, a remote attacker could possibly use

this issue to access arbitrary files, execute arbitrary code, or cause a

denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  ghostscript                     9.26~dfsg+0-0ubuntu0.18.10.4
  libgs9                          9.26~dfsg+0-0ubuntu0.18.10.4

Ubuntu 18.04 LTS:
  ghostscript                     9.26~dfsg+0-0ubuntu0.18.04.4
  libgs9                          9.26~dfsg+0-0ubuntu0.18.04.4

Ubuntu 16.04 LTS:
  ghostscript                     9.26~dfsg+0-0ubuntu0.16.04.4
  libgs9                          9.26~dfsg+0-0ubuntu0.16.04.4

Ubuntu 14.04 LTS:
  ghostscript                     9.26~dfsg+0-0ubuntu0.14.04.4
  libgs9                          9.26~dfsg+0-0ubuntu0.14.04.4

In general, a standard system update will make all the necessary changes.

References

CVE-2019-6116

Severity
critical
Lowest
Low
Medium
High
Critical

January 23, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here