It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgs9-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript-dbg": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript-doc": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript-x": "9.26~dfsg+0-0ubuntu0.16.04.9", "libgs9": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript-x-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.9", "libgs-dev-dbgsym": "9.26~dfsg+0-0ubuntu0.16.04.9", "libgs9-common": "9.26~dfsg+0-0ubuntu0.16.04.9", "ghostscript": "9.26~dfsg+0-0ubuntu0.16.04.9", "libgs-dev": "9.26~dfsg+0-0ubuntu0.16.04.9" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ghostscript-dbg": "9.26~dfsg+0-0ubuntu0.18.04.9", "ghostscript-doc": "9.26~dfsg+0-0ubuntu0.18.04.9", "ghostscript-x": "9.26~dfsg+0-0ubuntu0.18.04.9", "libgs9": "9.26~dfsg+0-0ubuntu0.18.04.9", "libgs-dev": "9.26~dfsg+0-0ubuntu0.18.04.9", "libgs9-common": "9.26~dfsg+0-0ubuntu0.18.04.9", "ghostscript": "9.26~dfsg+0-0ubuntu0.18.04.9" } ] }