USN-6017-1: Ghostscript vulnerability
13 April 2023
Ghostscript could be made to crash or run programs as your login if it received a specially crafted input.
Releases
Packages
- ghostscript - PostScript and PDF interpreter
Details
Hadrien Perrineau discovered that Ghostscript incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
-
ghostscript
-
9.26~dfsg+0-0ubuntu0.16.04.14+esm5
Available with Ubuntu Pro
-
libgs9
-
9.26~dfsg+0-0ubuntu0.16.04.14+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6017-2: libgs10, libgs9-common, ghostscript-x, ghostscript-doc, libgs10-common, libgs-common, ghostscript, libgs-dev