USN-7103-1: Ghostscript vulnerabilities

Releases

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• ghostscript - PostScript and PDF interpreter

Details

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)

It was discovered that Ghostscript incorrectly handled parsing certain PDF
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
(CVE-2024-46952)

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2024-46954)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• ghostscript - 10.03.1~dfsg1-0ubuntu2.1
• libgs10 - 10.03.1~dfsg1-0ubuntu2.1

Ubuntu 24.04

• ghostscript - 10.02.1~dfsg1-0ubuntu7.4
• libgs10 - 10.02.1~dfsg1-0ubuntu7.4

Ubuntu 22.04

• ghostscript - 9.55.0~dfsg1-0ubuntu5.10
• libgs9 - 9.55.0~dfsg1-0ubuntu5.10

Ubuntu 20.04

• ghostscript - 9.50~dfsg-5ubuntu4.14
• libgs9 - 9.50~dfsg-5ubuntu4.14

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-46954
• CVE-2024-46953
• CVE-2024-46952
• CVE-2024-46951
• CVE-2024-46955
• CVE-2024-46956