Univention Bugzilla – Bug 52102
(ES 4.3) ghostscript
Last modified: 2020-11-30 12:15:37 CET
Provide ghostscript version 9.26a~dfsg-0+deb9u7 for UCS 4.3

First imported at bug #51897

This update addresses the following issues:
* Buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS via a crafted PDF file (CVE-2020-16287)
* Buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS via a crafted PDF file (CVE-2020-16288)
* Buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS via a crafted PDF file (CVE-2020-16289)
* Buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS via a crafted PDF file (CVE-2020-16290)
* Buffer overflow in contrib/gdevdj9.c could result in a DoS via a crafted PDF file (CVE-2020-16291)
* Buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS via a crafted PDF file (CVE-2020-16292)
* A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS via a crafted PDF file (CVE-2020-16293)
* Buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS via a crafted PDF file (CVE-2020-16294)
* A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c could result in a DoS via a crafted PDF file (CVE-2020-16295)
* Buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS via a crafted PDF file (CVE-2020-16296)
* Buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS via a crafted PDF file (CVE-2020-16297)
* Buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS via a crafted PDF file (CVE-2020-16298)
* Division by zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS via a crafted PDF file (CVE-2020-16299)
* Buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS via a crafted PDF file (CVE-2020-16300)
* Buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS via a crafted PDF file (CVE-2020-16301)
* Buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation via a crafted PDF file (CVE-2020-16302)
* Use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation via a crafted PDF file (CVE-2020-16303)
* Buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS via a crafted PDF file (CVE-2020-16304)
* Buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS via a crafted PDF file (CVE-2020-16305)
* A null pointer dereference vulnerability in devices/gdevtsep.c could result in a DoS via a crafted postscript file (CVE-2020-16306)
* A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS via a crafted postscript file (CVE-2020-16307)
* Buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS via a crafted PDF file (CVE-2020-16308)
* Buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS via a crafted PDF file (CVE-2020-16309)
* Division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c could result in a DoS via a crafted PDF file (CVE-2020-16310)
* Buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS via a crafted PDF file (CVE-2020-17538)

-> apt-cache policy ghostscript
ghostscript:
  Installiert: 9.26a~dfsg-0+deb9u7
  Installationskandidat: 9.26a~dfsg-0+deb9u7
  Versionstabelle:
 *** 9.26a~dfsg-0+deb9u7 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

CLOSED: Released as extsec4.3 update