Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Ubuntu 24.04 LTS USN-6835-1 Critical: Ghostscript Code Risks

ubuntu
Calendar Grey June 17, 2024
Scroller Ubuntu
Numerous vulnerabilities identified in Ghostscript for Ubuntu versions 20.04 to 24.04 LTS. Review the update guidance and assess the severity of each issue.
Several security issues were fixed in Ghostscript.

Summary

Several security issues were fixed in Ghostscript.

Software Description:

- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript did not properly restrict eexec

seeds to those specified by the Type 1 Font Format standard when

SAFER mode is used. An attacker could use this issue to bypass SAFER

restrictions and cause unspecified impact. (CVE-2023-52722)

This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10.

Thomas Rinsma discovered that Ghostscript did not prevent changes to

uniprint device argument strings after SAFER is activated, resulting

in a format-string vulnerability. An attacker could possibly use this

to execute arbitrary code. (CVE-2024-29510)

Zdenek Hutyra discovered that Ghostscript did not properly perform

path reduction when validating paths. An attacker could use this to

access file locations outside of those allowed by SAFER policy and

possibly execute arbitrary code. (CVE-2024-33869)

Zdenek Hutyra disc...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  ghostscript                     10.02.1~dfsg1-0ubuntu7.1
  ghostscript-doc                 10.02.1~dfsg1-0ubuntu7.1

Ubuntu 23.10
  ghostscript                     10.01.2~dfsg1-0ubuntu2.3
  ghostscript-doc                 10.01.2~dfsg1-0ubuntu2.3
  ghostscript-x                   10.01.2~dfsg1-0ubuntu2.3

Ubuntu 22.04 LTS
  ghostscript                     9.55.0~dfsg1-0ubuntu5.7
  ghostscript-doc                 9.55.0~dfsg1-0ubuntu5.7
  ghostscript-x                   9.55.0~dfsg1-0ubuntu5.7

Ubuntu 20.04 LTS
  ghostscript                     9.50~dfsg-5ubuntu4.12
  ghostscript-doc                 9.50~dfsg-5ubuntu4.12
  ghostscript-x                   9.50~dfsg-5ubuntu4.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6835-1

CVE-2023-52722, CVE-2024-29510, CVE-2024-33869, CVE-2024-33870,

CVE-2024-33871

Severity
critical
Lowest
Low
Medium
High
Critical

Hash: SHA512

Package Information

-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETB/nIDy9nvCSgAUj3gXQmO/Tr3wFAmZwxK4ACgkQ3gXQmO/T
r3yOAQ/+NUTiKTAkI/XpceJpULY0tJiBZR37xhnxiKSuFoAQY5RrRuGxpC6sPXwi
16Xoyo2gvDEfeaV4zn/jCfw4Lf4L1+JNbAOS1Yvnvg0Ags+b/bAUAlMV0E+7Jyap
gVbd7T8c2oIMFFq6S78qi5Gl4kyHYiVAgxZNtJiMztTpF+qG2frcObLIW5JpzQZ3
mZIRtoSAjyhKOoAfq2BXq/nuk0GzXu4wGEN2FEag6VRRW92Ti0rfdYjNYgcQ44Ii
VTM5bYtvIjqI+uLbUEUiPQ91OZ4yg3K/pTRLnIVyoAo95Huqc6N+lZmXD97yokXj
m4BU1iWSFBUS2kf/3aoNtkGqhIv/2sGYs3CNHBC23eE7IXsBbwaCpeF8Ogsx2eKe
phpJMeCtvdTmq4+s0l5r4mwAKhHuvklQGwHe/5sDpJbZTW1qtdWmFzXaiKyHGDDw
0nEyKkRKP0c3yC6I0Aht2gVk/pYiwhpVe5TGICl0lbRXO7DEEU5ns2t+C0xnMBz4
cV2FE6rouRDJTlFPWtLmxT0BpHn+xBMLabEuPFJAlXRjy9dLKPrZVgkXe/9NROQm
hUCuuKAHLKWK8rZC1c3T2DiE9dDQZs9KUZRKB0ZhZzLYC+pGu8DW9Ud6NDMB3LAO
yDANPKeEG+09Ho2u4NbhbuLUMSzvNazZDpm2ZMi1vECul/nZ/ns=
=WJrB
-----END PGP SIGNATURE-----

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.