USN-4193-1: Ghostscript vulnerability

14 November 2019

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

Releases

Packages

  • ghostscript - PostScript and PDF interpreter

Details

Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly
handled certain PostScript files. If a user or automated system were
tricked into processing a specially crafted file, a remote attacker could
possibly use this issue to access arbitrary files, execute arbitrary code,
or cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References