Ghostscript vulnerability could be used to access arbitrary files in Ubuntu

Vulnerabilities in Ubuntu: Ghostscript and Ceph

A few hours ago, Canonical published a report describing a vulnerability in Ghostscript. It affects all Ubuntu versions that are still supported in their normal life cycle. Right now, those versions are Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 LTS Bionic Beaver, and Ubuntu 16.04 LTS Xenial Xerus. The affected software is "ghostscript - PostScript and PDF interpreter" and the patches correct a total of 4 CVE vulnerabilities.

The vulnerabilities detected and already fixed are CVE-2019-14811, CVE-2019-14812, CVE-2019-14813 and CVE-2019-14817, all of them rated as medium urgency. All four share much of the same description, "Safer Mode Bypass by .forceput exposure in" .pdf_hook_DSC_Creator, setuserparams, setsystemparams and .pdfexectoken, respectively. The packages to update are ghostscript 9.26~dfsg+0-0ubuntu7.3 and libgs9 9.26~dfsg+0-0ubuntu7.3 on Ubuntu 19.04, ghostscript 9.26~dfsg+0-0ubuntu0.18.04.11 and libgs9 9.26~dfsg+0-0ubuntu0.18.04.11 on Ubuntu 18.04, and ghostscript 9.26~dfsg+0-0ubuntu0.16.04.11 and libgs9 9.26~dfsg+0-0ubuntu0.16.04.11 on Ubuntu 16.04.

The vulnerability in Ghostscript has arrived alongside one in Ceph

This vulnerability in Ghostscript is not the only one that Canonical has reported today. Shortly afterwards it also reported another, in this case in "ceph - distributed storage and file system", which affects Ubuntu 19.04 and Ubuntu 18.04. The flaw, already fixed, is CVE-2019-10222, another medium-urgency vulnerability in which Ceph could be made to crash if it received specially crafted network traffic. A remote attacker could use this flaw to cause denial of service (DoS). The patched packages in this case are ceph 13.2.6-0ubuntu0.19.04.3 and radosgw 13.2.6-0ubuntu0.19.04.3 on Ubuntu 19.04, and ceph 12.2.12-0ubuntu0.18.04.2 and radosgw 12.2.12-0ubuntu0.18.04.2 on Ubuntu 18.04.

All patches are already available as updates, so protecting ourselves from the vulnerabilities mentioned in this article is as simple as opening the Software Update application or any software center and applying the updates.


  1.   Fernando said

    The usual, we just have to keep our Ubuntu well updated and there is no reason to be concerned. Thanks for the info.