[ubuntu/mantic-security] ghostscript 10.01.2~dfsg1-0ubuntu2.3 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Mon Jun 17 17:32:30 UTC 2024
ghostscript (10.01.2~dfsg1-0ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE: Policy bypass via improperly checked eexec seed
    - debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
      Type 1 standard when SAFER mode is used in zmisc1.c.
    - CVE-2023-52722
  * SECURITY UPDATE: Arbitrary code execution via uniprint device
    - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
      argument strings after SAFER is activated in gdevupd.c.
    - CVE-2024-29510
  * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
    checked path arguments
    - debian/patches/CVE-2024-33869-part1.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - debian/patches/CVE-2024-33869-part2.patch: Check that a current working
      directory specifier is valid before stripping it from gpmisc.c.
    - CVE-2024-33869
  * SECURITY UPDATE: Path traversal via improperly checked path arguments
    - debian/patches/CVE-2024-33870.patch: Add a check for parent directory
      prefixes when handling relative paths in gpmisc.c.
    - CVE-2024-33870
  * SECURITY UPDATE: Arbitrary code execution via custom driver library
    - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
      specifies the names of dynamic libraries to be loaded by the opvp/oprp
      device in gdevopvp.c
    - CVE-2024-33871

Date: 2024-06-05 20:42:10.171479+00:00
Changed-By: Chris Kim <chris.kim at canonical.com>
Signed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.3