[월:] 2019년 08월

USN-4092-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Ghostscript could be made to access files if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ghostscript – 9.26~dfsg+0-0ubuntu7.2 libgs9 – 9.26~dfsg+0-0ubuntu7.2 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.10 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.10 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.10 libgs9 – 9.26~dfsg+0-0ubuntu0.16.04.10 To update your [ more… ]

USN-4091-1: poppler vulnerability poppler vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary poppler could be made to crash if it received specially crafted PDF. Software Description poppler – PDF rendering library Details It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libpoppler85 – 0.74.0-0ubuntu1.3 poppler-utils – 0.74.0-0ubuntu1.3 Ubuntu 18.04 LTS libpoppler73 – 0.62.0-2ubuntu2.10 poppler-utils – 0.62.0-2ubuntu2.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-14494 Source: USN-4091-1: poppler vulnerability