No edit summary |
No edit summary Tag: 2017 source edit |
||
(11 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
This page is related to the [[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01 Security Advisory]]. | This page is related to the [[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01 Security Advisory]]. | ||
Line 8: | Line 7: | ||
==How to update - Linux== | ==How to update - Linux== | ||
# Check the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight> | # '''Check '''the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight>delete it:<syntaxhighlight lang="bash"> | ||
delete it:<syntaxhighlight lang="bash"> | rm -fr /usr/local/bin/gs</syntaxhighlight> | ||
rm -fr /usr/local/bin/gs | #'''Check''' the system for an installation out of the package manager (Ghostscript comes as a dependency of ImageMagik):<syntaxhighlight lang="bash"> | ||
</syntaxhighlight> | |||
#Check | |||
dpkg -l ghostscript | dpkg -l ghostscript | ||
</syntaxhighlight>for Debian 11 this should look like:<syntaxhighlight lang="bash"> | </syntaxhighlight>for Debian 11 this should look like:<syntaxhighlight lang="bash"> | ||
Line 24: | Line 21: | ||
ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF | ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF | ||
</syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1" | </syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"<br>For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"<br><br>If it does not match the needed Version please do an:<syntaxhighlight lang="bash"> | ||
For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8" | |||
If it does not match the needed Version please do an<syntaxhighlight lang="bash"> | |||
apt update | apt update | ||
apt upgrade -y | apt upgrade -y | ||
</syntaxhighlight>and recheck. | </syntaxhighlight>and recheck.<br /><br /> | ||
#Change | #'''Change''' the settings in the codebase. <br /><br>Go to the directory where the codebase is saved (check your ApacheConfiguration for''DocumentRoot'' if you are not sure). Normally it should look like this:<syntaxhighlight lang="bash"> | ||
root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | ||
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs'; | 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs'; | ||
</syntaxhighlight>It could be <code>005-PdfHandler.php</code> or some other configuration file.<br /><br /> | |||
</syntaxhighlight> | #'''Find''' '''and change''' the variable to the correct path, for example with this command:<syntaxhighlight lang="bash"> | ||
sed -i 's/local\///g' 005-PdfHandler.php | sed -i 's/local\///g' 005-PdfHandler.php | ||
</syntaxhighlight>Double-check:<syntaxhighlight lang="bash"> | |||
</syntaxhighlight> | |||
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | ||
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs'; | 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs'; | ||
Line 48: | Line 39: | ||
Your system is now patched. | Your system is now patched. | ||
== How to update - Windows == | ==How to update - Windows== | ||
# '''Deinstall''' the package ''GPL Ghostscript''. | #'''Deinstall''' the package ''GPL Ghostscript''. | ||
# '''Download''' the package ''Ghostscript AGPL Release'' from https://www.ghostscript.com/releases/gsdnld.html . | #'''Download''' the package ''Ghostscript AGPL Release'' from https://www.ghostscript.com/releases/gsdnld.html . | ||
# '''Install''' the new package. | #'''Install''' the new package. | ||
Your system is now patched. | Your system is now patched. | ||
__FORCETOC__ | __FORCETOC__ |
Latest revision as of 10:03, 14 November 2023
Overview
This page is related to the BSSA-2023-01 Security Advisory.
Older versions of Ghostscript open a way for script infusion.
Because of bugs in the Ghostscript binary out of the BlueSpice package manager, Hallo Welt! mostly installed manually on Linux systems. These bugs no longer seem to be a problem.
How to update - Linux
- Check the system for manual installation and delete it:If there is a binary called
ls -al /usr/local/bin
delete it:gs
rm -fr /usr/local/bin/gs
- Check the system for an installation out of the package manager (Ghostscript comes as a dependency of ImageMagik):for Debian 11 this should look like:
dpkg -l ghostscript
For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"root@XXXXXXXXXXXX:~# dpkg -l ghostscript Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/ Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht) ||/ Name Version Architektur Beschreibung +++-==============-=====================-============-=================================================== ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF
For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"
If it does not match the needed Version please do an:and recheck.apt update apt upgrade -y
- Change the settings in the codebase.
Go to the directory where the codebase is saved (check your ApacheConfiguration forDocumentRoot if you are not sure). Normally it should look like this:It could beroot@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs';
005-PdfHandler.php
or some other configuration file. - Find and change the variable to the correct path, for example with this command:Double-check:
sed -i 's/local\///g' 005-PdfHandler.php
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs';
Your system is now patched.
How to update - Windows
- Deinstall the package GPL Ghostscript.
- Download the package Ghostscript AGPL Release from https://www.ghostscript.com/releases/gsdnld.html .
- Install the new package.
Your system is now patched.