Home / ubuntu / Questions / 1527937
Accepted
Adalbert Hanßen
Asked: 2024-09-24 22:00:14 +0800 CST

Why are Security Issues in Ghostscript not yet fixed in Ubuntu?

  • 772

Currently there are several known security issues in Ghostscript:

not fixed in actual Versions of Ubuntu? gs is part of CUPS and therefore on almost every Ubuntu computer. This is a very attractive security target for malicious people!

See for example:

Unfortunately, I don't know much about computer security. But what I have read worries me and I am surprised that the existing version 10.03.1 has not yet been rolled out generally.

updates

1 Answers

  1. Best Answer

    I don't know why you're not fact checking things, but of the posts you've linked and all the CVEs you've listed, these CVEs and issues are already patched in Ubuntu.

    In Ubuntu, security fixes tend to be applied as patches to specific versions rather than a full version update. These "clickbaity" sites you're referring to don't include distro-patching in their circle of assessments.

    When presented with a CVE, you need to check in the Ubuntu CVE Tracker and search the CVE in question and then check if the packages are patched. As Ghostscript is part of CUPS and the Main pocket, it gets security updates from the Security Team.

    Last I checked, all the CVEs you've listed are already patched in supported Ubuntu releases. Therefore, the "issue" is nonexistent as these CVEs are already fixed.

    Please don't rely on third party sites to tell you if something is patched or not. Instead, it is more prudent to do Due Diligence and research whether Ubuntu or your distribution of choice has patches available, which is the case for Ubuntu here.

    • 4