USN-4469-1: Ghostscript vulnerabilities

Releases

• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• ghostscript - PostScript and PDF interpreter

Details

It was discovered that Ghostscript incorrectly handled certain document
files. If a user or automated system were tricked into processing a
specially crafted file, a remote attacker could use this issue to cause
Ghostscript to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• ghostscript - 9.50~dfsg-5ubuntu4.2
• libgs9 - 9.50~dfsg-5ubuntu4.2

Ubuntu 18.04

• ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.13
• libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.13

Ubuntu 16.04

• ghostscript - 9.26~dfsg+0-0ubuntu0.16.04.13
• libgs9 - 9.26~dfsg+0-0ubuntu0.16.04.13

In general, a standard system update will make all the necessary changes.

References

• CVE-2020-16297
• CVE-2020-16299
• CVE-2020-16310
• CVE-2020-16295
• CVE-2020-16301
• CVE-2020-16302
• CVE-2020-16290
• CVE-2020-16305
• CVE-2020-16296
• CVE-2020-16300
• CVE-2020-16294
• CVE-2020-16292
• CVE-2020-16309
• CVE-2020-16288
• CVE-2020-16307
• CVE-2020-16303
• CVE-2020-16298
• CVE-2020-16293
• CVE-2020-16304
• CVE-2020-16291
• CVE-2020-17538
• CVE-2020-16306
• CVE-2020-16287
• CVE-2020-16308
• CVE-2020-16289