Thursday, March 27, 2025

[USN-7378-1] Ghostscript vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7378-1
March 27, 2025

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly serialized DollarBlend in
certain fonts. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-27830)

It was discovered that Ghostscript incorrectly handled the DOCXWRITE
TXTWRITE device. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and
Ubuntu 24.10. (CVE-2025-27831)

It was discovered that Ghostscript incorrectly handled the NPDL device. An
attacker could use this issue to cause Ghostscript to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-27832)

It was discovered that Ghostscript incorrectly handled certain long TTF
file names. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2025-27833)

It was discovered that Ghostscript incorrectly handled oversized Type 4
functions in certain PDF documents. An attacker could use this issue to
cause Ghostscript to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2025-27834)

It was discovered that Ghostscript incorrectly handled converting certain
glyphs to Unicode. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-27835)

It was discovered that Ghostscript incorrectly handled the BJ10V device. An
attacker could use this issue to cause Ghostscript to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-27836)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
ghostscript 10.03.1~dfsg1-0ubuntu2.2
libgs10 10.03.1~dfsg1-0ubuntu2.2

Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.5
libgs10 10.02.1~dfsg1-0ubuntu7.5

Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.11
libgs9 9.55.0~dfsg1-0ubuntu5.11

Ubuntu 20.04 LTS
ghostscript 9.50~dfsg-5ubuntu4.15
libgs9 9.50~dfsg-5ubuntu4.15

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7378-1
CVE-2025-27830, CVE-2025-27831, CVE-2025-27832, CVE-2025-27833,
CVE-2025-27834, CVE-2025-27835, CVE-2025-27836

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.5
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.11
https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.15
