{"id":58194,"date":"2024-07-15T23:49:58","date_gmt":"2024-07-15T20:49:58","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179545\/USN-6897-1.txt"},"modified":"2024-07-15T23:49:58","modified_gmt":"2024-07-15T20:49:58","slug":"ubuntu-security-notice-usn-6897-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/ubuntu-security-notice-usn-6897-1\/","title":{"rendered":"Ubuntu Security Notice USN-6897-1"},"content":{"rendered":"<p>==========================================================================<br \/>Ubuntu Security Notice USN-6897-1<br \/>July 15, 2024<\/p>\n<p>ghostscript vulnerabilities<br \/>==========================================================================<\/p>\n<p>A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n<p>&#8211; Ubuntu 24.04 LTS<br \/>&#8211; Ubuntu 22.04 LTS<br \/>&#8211; Ubuntu 20.04 LTS<\/p>\n<p>Summary:<\/p>\n<p>Several security issues were fixed in Ghostscript.<\/p>\n<p>Software Description:<br \/>&#8211; ghostscript: PostScript and PDF interpreter<\/p>\n<p>Details:<\/p>\n<p>It was discovered that Ghostscript incorrectly handled certain long PDF<br \/>filter names. An attacker could possibly use this issue to cause<br \/>Ghostscript to crash, resulting in a denial of service. This issue only<br \/>affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506)<\/p>\n<p>It was discovered that Ghostscript incorrectly handled certain API<br \/>parameters. An attacker could possibly use this issue to cause Ghostscript<br \/>to crash, resulting in a denial of service. This issue only affected Ubuntu<br \/>24.04 LTS. (CVE-2024-29507)<\/p>\n<p>It was discovered that Ghostscript incorrectly handled certain BaseFont<br \/>names. An attacker could use this issue to cause Ghostscript to crash,<br \/>resulting in a denial of service, or possibly execute arbitrary code.<br \/>(CVE-2024-29508)<\/p>\n<p>It was discovered that Ghostscript incorrectly handled certain PDF<br \/>passwords that contained NULL bytes. An attacker could use this issue to<br \/>cause Ghostscript to crash, resulting in a denial of service, or possibly<br \/>execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and<br \/>Ubuntu 24.04 LTS. (CVE-2024-29509)<\/p>\n<p>It was discovered that Ghostscript incorrectly handled certain certain file<br \/>paths when doing OCR. An attacker could use this issue to read arbitrary<br \/>files and write error messages to arbitrary files. This issue only affected<br \/>Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29511)<\/p>\n<p>Update instructions:<\/p>\n<p>The problem can be corrected by updating your system to the following<br \/>package versions:<\/p>\n<p>Ubuntu 24.04 LTS<br \/>ghostscript 10.02.1~dfsg1-0ubuntu7.3<br \/>libgs10 10.02.1~dfsg1-0ubuntu7.3<\/p>\n<p>Ubuntu 22.04 LTS<br \/>ghostscript 9.55.0~dfsg1-0ubuntu5.9<br \/>libgs9 9.55.0~dfsg1-0ubuntu5.9<\/p>\n<p>Ubuntu 20.04 LTS<br \/>ghostscript 9.50~dfsg-5ubuntu4.13<br \/>libgs9 9.50~dfsg-5ubuntu4.13<\/p>\n<p>In general, a standard system update will make all the necessary changes.<\/p>\n<p>References:<br \/>https:\/\/ubuntu.com\/security\/notices\/USN-6897-1<br \/>CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, CVE-2024-29509,<br \/>CVE-2024-29511<\/p>\n<p>Package Information:<br \/>https:\/\/launchpad.net\/ubuntu\/+source\/ghostscript\/10.02.1~dfsg1-0ubuntu7.3<br \/>https:\/\/launchpad.net\/ubuntu\/+source\/ghostscript\/9.55.0~dfsg1-0ubuntu5.9<br \/>https:\/\/launchpad.net\/ubuntu\/+source\/ghostscript\/9.50~dfsg-5ubuntu4.13<\/p>\n","protected":false},"excerpt":{"rendered":"<p>==========================================================================Ubuntu Security Notice USN-6897-1July 15, 2024 ghostscript vulnerabilities========================================================================== A security issue affects these releases of Ubuntu and its derivatives: &#8211; Ubuntu 24.04 LTS&#8211; Ubuntu 22.04 LTS&#8211; Ubuntu 20.04 LTS Summary: Several security issues were fixed in Ghostscript. Software Description:&#8211; ghostscript: PostScript and PDF interpreter Details: It was discovered that Ghostscript incorrectly handled certain long PDFfilter &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58194","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58194"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58194\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}