Ubuntu 24.x: USN-7103-1 critical: Ghostscript denial of service

ubuntu

November 12, 2024

Several security issues were fixed in Ghostscript.

Summary

Several security issues were fixed in Ghostscript.

Software Description:

- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled parsing certain PS

files. An attacker could use this issue to cause Ghostscript to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)

It was discovered that Ghostscript incorrectly handled parsing certain PDF

files. An attacker could use this issue to cause Ghostscript to crash,

resulting in a denial of service, or possibly execute arbitrary code. This

issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.

(CVE-2024-46952)

It was discovered that Ghostscript incorrectly handled parsing certain PS

files. An attacker could use this issue to cause Ghostscript to crash,

resulting in a denial of service, or possibly bypass file path validation.

This issue only affected Ubun...

Read the Full Advisory

Topics Covered

security advisory denial of service security issue software update ghostscript ubuntu

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   ghostscript                     10.03.1~dfsg1-0ubuntu2.1
   libgs10                         10.03.1~dfsg1-0ubuntu2.1

Ubuntu 24.04 LTS
   ghostscript                     10.02.1~dfsg1-0ubuntu7.4
   libgs10                         10.02.1~dfsg1-0ubuntu7.4

Ubuntu 22.04 LTS
   ghostscript                     9.55.0~dfsg1-0ubuntu5.10
   libgs9                          9.55.0~dfsg1-0ubuntu5.10

Ubuntu 20.04 LTS
   ghostscript                     9.50~dfsg-5ubuntu4.14
   libgs9                          9.50~dfsg-5ubuntu4.14

In general, a standard system update will make all the necessary changes.