- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4111-1
August 29, 2019
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Ghostscript could be made to access arbitrary files if it opened a
specially crafted file.
Software Description:
– ghostscript: PostScript and PDF interpreter
Details:
Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript
did not properly restrict privileged calls when ‘-dSAFER’
restrictions were in effect. If a user or automated system were
tricked into processing a specially crafted file, a remote attacker
could possibly use this issue to access arbitrary files.
(CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
ghostscript 9.26~dfsg+0-0ubuntu7.3
libgs9 9.26~dfsg+0-0ubuntu7.3
Ubuntu 18.04 LTS:
ghostscript 9.26~dfsg+0-0ubuntu0.18.04.11
libgs9 9.26~dfsg+0-0ubuntu0.18.04.11
Ubuntu 16.04 LTS:
ghostscript 9.26~dfsg+0-0ubuntu0.16.04.11
libgs9 9.26~dfsg+0-0ubuntu0.16.04.11
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4111-1
CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu7.3
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.11
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.11
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl1nLf0ACgkQLwmejQBe
gfTaIBAAkcno8u5SgQg+v7OUOAHCbejpOQmdL3GcIRurlFdBnnuC8oMJhexcao0Q
pYsEm8fFl6PtVuf8rQJbDq+5QJJzqS0wnwzUZuhIH9awRG96bdgyiLRFNjIkpoKG
zxsxZs1iOgEd/zAJ4ZAAViyv09zRaiY8NP61KEib1nSoNku30cO5PW9+A689UIC0
6balJGn+ng/xoABLA19NdXza2GS3sFOxFKUd9RMRUaa6g/NzHXqsGPrT8dPJczTo
FxV9OlCUoxO11So2NsRE1aLB/MmKbl/K2P0c8bFyYzLy3d9BYkMXXOalL28y04FV
WWeqKMphCYACalIH7RzalEp7e3p6T6zVIPpFbIGY5gKNMSj0U1N0gPo7Ow/P/DLP
8r8IpJ24lAZ2vGp1AgIQqw+3azNJEghy2sWJIRqVkwglCe3IBqzi2hgrj7KPJXFH
qNMZ02S9Mbyuv94Shn9NvLrnq/Zg+5YU2GzTKJbiQZYJLCaT+ttvIZ1Dh1nWo3xF
idMpRB+u8VMOGhBUBzNiLl13w+QbDFv5G9WI3tmwSLmRF/75mkfJuJ/6fD+kDgAB
53r+a4ZHWyQZ9B7lIaLdjFvSo7Z+8Wb9XcwcscGoqEcv5xeWZYQawI1R619JyBKe
f7MJTx+YHuEbolizwRaHTbgB8iTb6CGmemW1ozbQ44nypTVrMSA=
=5qnI
—–END PGP SIGNATURE—–
—
| Autor | Josip Papratovic |
| Cert id | NCERT-REF-2019-08-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
