Thursday, May 1, 2025

[USN-7473-1] Ghostscript vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmgThKMFAwAAAAAACgkQZWnYVadEvpM8
Bw/+PmUUPkCdu23BCCD4EN4j7JOhlWKNGLUzOsdqh56OtHgCdsEvSTO5NCZqtwZiG8J5TOdAYXnI
7Oh6Li/uDzPTJwJmb3meqa1Ze8zFjexH3oc0bIjqkmwo2qc4f5xO9K6AGzfNGMqqhRCAzZYNeU0v
prQW80+rmvEbPmeeuOmhH/bKveOzLr47R8i0w4nEX41kAxDslZUhUvI6Z/0uFwpIlLT/4An+CnLo
0z0+3CpVrYL42AvNX1KbrPi/SSaBVnHYQop9aaqqFOaydKqssGNaSnSpRl5GIIwWwmnXlfVmtv+u
fkvLyHQP64L641gDCQJgxQQyC3kj6IJfKmLsYTm28AFMOi97mPpI603TLebSCY/aqlt5446gQpps
m9nlWyEJ+vy6dK7ju/Z75JBFvbxLBWE1NgDgKLsrHZOr43m7q8MrsuDs+UccKEtZ7XpclE+WOJi+
tuHloyZCziLvLOyyPszVr8n7pbIP1lFyWn5lPRNBnpz/7VOoViQGgwZfnrU/EHw7fxaL49Hk5Nph
K/LAQD4XdQleR+m+EbkiXbxSeNLp7uRNf7cvPNdVnxV2sLwkigXK4jzpf5vT3d1TWHNKKTnTK/Vw
vG+vIrbOq9AHlal1TCWOZxyIOAfQjK8PwICxKDMt3o0gVHsX21r/kge9/+lJ850CbuiLgPiPVWYS
+XI=
=Giqf
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7473-1
May 01, 2025

ghostscript vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Ghostscript could be made to crash, run programs, or read files if it
opened a specially crafted file.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
ghostscript 10.03.1~dfsg1-0ubuntu2.3
libgs10 10.03.1~dfsg1-0ubuntu2.3

Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.6
libgs10 10.02.1~dfsg1-0ubuntu7.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7473-1
CVE-2025-46646

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.3
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.6

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)