[ubuntu/oracular-proposed] ghostscript 10.02.1~dfsg1-0ubuntu8 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Jul 10 18:02:17 UTC 2024
ghostscript (10.02.1~dfsg1-0ubuntu8) oracular; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
- debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
Filters to overflow the debug buffer in pdf/pdf_file.c.
- CVE-2024-29506
* SECURITY UPDATE: stack-based buffer overflows
- debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
- CVE-2024-29507
* SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
name
- debian/patches/CVE-2024-29508.patch: review printing of pointers in
base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
- debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
optimised build in base/gsicc_cache.c.
- debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
devices/gdevupd.c.
- CVE-2024-29508
* SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
- debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
pdf/pdf_sec.c.
- CVE-2024-29509
* SECURITY UPDATE: directory traversal issue via OCRLanguage
- debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
devices/vector/gdevpdfp.c.
- CVE-2024-29511
[ Chris Kim ]
* SECURITY UPDATE: Arbitrary code execution via uniprint device
- debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
argument strings after SAFER is activated in gdevupd.c.
- CVE-2024-29510
* SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
checked path arguments
- debian/patches/CVE-2024-33869-part1.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- debian/patches/CVE-2024-33869-part2.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- CVE-2024-33869
* SECURITY UPDATE: Path traversal via improperly checked path arguments
- debian/patches/CVE-2024-33870.patch: Add a check for parent directory
prefixes when handling relative paths in gpmisc.c.
- CVE-2024-33870
* SECURITY UPDATE: Arbitrary code execution via custom driver library
- debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
specifies the names of dynamic libraries to be loaded by the opvp/oprp
device in gdevopvp.c
- CVE-2024-33871
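Added illustration of the bug class named in the CVE-2024-29509 entry above (strlen() applied to a length-prefixed PDF password that may legally contain a null byte, so the destination is sized too small for the copy that follows). This is hypothetical example code, not Ghostscript's pdf_sec.c or its patch; the function names and the sample password are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical illustration, not Ghostscript's pdf_sec.c. A PDF password is
 * a length-prefixed byte string, so an embedded 0x00 byte is legal input,
 * not a terminator. */

/* Bug pattern: the destination is sized with strlen(), which stops at the
 * first NUL, while the later copy uses the declared length. Returns the
 * allocation size the buggy sizing logic would choose. */
size_t buggy_alloc_size(const unsigned char *pw, size_t pw_len)
{
    (void)pw_len;                      /* the bug: declared length ignored */
    return strlen((const char *)pw) + 1;
}

/* Check used here to show the mismatch without performing the bad write:
 * 1 if copying pw_len bytes into buggy_alloc_size() bytes would overflow. */
int copy_would_overflow(const unsigned char *pw, size_t pw_len)
{
    return pw_len > buggy_alloc_size(pw, pw_len);
}

/* Hardened form: carry the declared length through sizing and copying;
 * strlen() is never consulted. Caller frees the result. */
unsigned char *copy_password(const unsigned char *pw, size_t pw_len, size_t *out_len)
{
    unsigned char *buf = malloc(pw_len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, pw, pw_len);           /* copies the NUL and the bytes after it */
    buf[pw_len] = 0;                   /* terminator only for convenience */
    *out_len = pw_len;
    return buf;
}

int main(void)
{
    /* constructed sample: 7-byte password with a NUL at offset 2 */
    static const unsigned char pw[] = { 's', 'e', 0, 'c', 'r', 'e', 't' };
    size_t n = 0;
    unsigned char *copy = copy_password(pw, sizeof pw, &n);
    printf("strlen-based size: %zu, declared length: %zu, overflow: %s\n",
           buggy_alloc_size(pw, sizeof pw), sizeof pw,
           copy_would_overflow(pw, sizeof pw) ? "yes" : "no");
    printf("safe copy kept %zu bytes\n", n);
    free(copy);
    return 0;
}
```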
Date: Wed, 10 Jul 2024 13:28:20 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu8
Format: 1.8
Date: Wed, 10 Jul 2024 13:28:20 -0400
Source: ghostscript
Built-For-Profiles: noudeb
Architecture: source
Version: 10.02.1~dfsg1-0ubuntu8
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>