USN-2434-2: Ghostscript vulnerability
8 December 2014
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file.
- ghostscript - PostScript and PDF interpreter
USN-2434-1 fixed a vulnerability in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package.
Original advisory details:
Jose Duart discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.