Univention Bugzilla – Bug 54314
ghostscript: Multiple issues (5.0)
Last modified: 2022-01-12 16:45:07 CET
New Debian ghostscript 9.27~dfsg-2+deb10u5 fixes: This update addresses the following issues: * Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). (CVE-2021-45944) * Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). (CVE-2021-45949)
--- mirror/ftp/pool/main/g/ghostscript/ghostscript_9.27~dfsg-2+deb10u4.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/ghostscript_9.27~dfsg-2+deb10u5.dsc @@ -1,3 +1,9 @@ +9.27~dfsg-2+deb10u5 [Tue, 04 Jan 2022 16:46:59 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Check stack limits after function evaluation (CVE-2021-45944) + * Fix op stack management in sampled_data_continue() (CVE-2021-45949) + 9.27~dfsg-2+deb10u4 [Mon, 24 Aug 2020 17:03:45 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 <http://piuparts.knut.univention.de/5.0-1/#7467599451996234947>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] 8097b86303 Bug #54314: ghostscript 9.27~dfsg-2+deb10u5 doc/errata/staging/ghostscript.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) [5.0-1] deec6089f5 Bug #54314: ghostscript 9.27~dfsg-2+deb10u5 doc/errata/staging/ghostscript.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x183>