Last edited 5 months ago
by Margit Link-Rodrigue

Ghostscript-CVE-2023-36664 - How to fix and Manual:Extension/ContentDroplets/Examples: Difference between pages

(Difference between pages)
VisualWikitext
No edit summary
 
No edit summary
 
Line 1: Line 1:
{{Featurepage|featured=true|featuredesc=Ghostscript-CVE-2023-36664 - How to fix|featurestart=07/28/2023}}  
{{TOClimit|limit=1|nonum=1|notitle=1|noborder=0|fontlarge=0|inline=1}}
==Overview==
==Lists==
This page is related to the [[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01 Security Advisory]].
<div class="sectionflex col3 frame">
<div>
=== Statistics ===
<bs:whoisonlinepopup /> (<bs:whoisonlinecount />)
* Number of characters: <bs:countcharacters mode="chars" />
* Number of files: <bs:countfiles />
* Number of pages: <bs:countarticles />
* Number of users: <bs:countusers />
</div>
<div>
===Booklist===
<bs:booklist filter="author1:Margit Link-Rodrigue" />
</div>
<div>
===Links to this page===
<whatlinkshere count="5" period="-" sort="time" showns="0" />
</div>
<div>
===Members in group===
<bs:userlist groups="sysop" count="10" />
</div>
<div>
===Most visited pages===
<bs:toplist count="6" period="-" />
</div>
<div>
===Data query===
<dataquery modified="+" format="ul" count="6" namespaces="Manual" />
</div>
<div>
===Recent Changes===
<recentchanges count="6" period="-" sort="time" showns="0" />
</div>
<div>
===Subpages===
{{Subpages|parentnamespace=Manual|parentpage=Extension/ContentDroplets|cols=no|bullets=yes}}
</div>
<div>
===My last visited pages===
<bs:pagesvisited count="6" maxtitlelength="30" order="time" />
</div>
<div>
===My watchlist===
<bs:watchlist count="6" maxtitlelength="30" order="time" />
</div>
</div>
==Visual formatting==
<div class="sectionflex col3 frame">
<div>
===Button===
{{ButtonLink|external=no|target=Main Page|label=My page 1|format=blue}}&nbsp;{{ButtonLink|external=no|target=Main Page|label=My page 2|format=red}}&nbsp;{{ButtonLink|external=no|target=Main Page|label=My page 3|format=white}}
</div>
<div>
===Modal button===
{{ModalDialog|title=Legal notice|btnLabel=Google.com|body=You are leaving this website. We are not responsible for any content beyond this point.


Older versions of Ghostscript open a way for script infusion.
[https://google.com Visit google.com]|bgcolor=blue|footer=}}
</div>
<div>
===Circled number===
{{CircledNumber|bgColor=#3e5389|fgColor=white|number=1}} Preheat oven to 425°F


Because of bugs in the Ghostscript binary out of the BlueSpice package manager, Hallo Welt! mostly installed manually on Linux systems. These bugs no longer seem to be a problem.
{{CircledNumber|bgColor=#3e5389|fgColor=white|number=2}} Mix all the ingredients
==How to update  - Linux==


# '''Check '''the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight>delete it:<syntaxhighlight lang="bash">
{{CircledNumber|bgColor=#3e5389|fgColor=white|number=3}} Bake for 40 minutes
rm -fr /usr/local/bin/gs</syntaxhighlight>
#'''Check''' the system for an installation out of the package manager (Ghostscript comes as a dependency of ImageMagik):<syntaxhighlight lang="bash">
dpkg -l ghostscript
</syntaxhighlight>for  Debian 11 this should look like:<syntaxhighlight lang="bash">
root@XXXXXXXXXXXX:~# dpkg -l ghostscript
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
        Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name          Version              Architektur  Beschreibung
+++-==============-=====================-============-===================================================
ii  ghostscript    9.53.3~dfsg-7+deb11u5 amd64        interpreter for the PostScript language and for PDF


</syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"<br>For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"<br><br>If it does not match the needed Version please do an:<syntaxhighlight lang="bash">
{{CircledNumber|bgColor=#3e5389|fgColor=white|number=4}} Take out and let cool 30 mintes
apt update
apt upgrade -y
</syntaxhighlight>and recheck.
#'''Change''' the settings in the codebase. <br>Go to the directory where the codebase is saved (check your ApacheConfiguration for''DocumentRoot'' if you are not sure). Normally it should look like this:<syntaxhighlight lang="bash">
root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs';


</syntaxhighlight>It could be <code>005-PdfHandler.php</code> or some other configuration file.
{{CircledNumber|bgColor=#3e5389|fgColor=white|number=5}} Eat
#'''Find''' '''and change''' the variable to the correct path, for example with this command:<syntaxhighlight lang="bash">
</div>
sed -i 's/local\///g' 005-PdfHandler.php
<div>
=== {{Icon|bi bi-broadcast|||}} Icon===
{{Icon|bi bi-book|||}}  User manual


</syntaxhighlight>Double-check:<syntaxhighlight lang="bash">
{{Icon|bi bi-arrow-right-circle|||}}  Go to "Releases"
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs';


{{Icon|bi bi-gear|||}}  Admin info
{{Icon|bi bi-graph-up|||}}  Business updates
</div>
<div>
===Code===
<syntaxhighlight lang="css">
/* Container holding the image and the text */
.container {
  position: relative;
}
/* Bottom right text */
.text-block {
  position: absolute;
  bottom: 20px;
  right: 20px;
  padding-left: 20px;
  padding-right: 20px;
}
</syntaxhighlight>
</syntaxhighlight>
</div>
<div>
===Math===
<math>x=\frac{-b\pm\sqrt{b^2-4ac}}{2a}</math>
</div>
<div>
===Chem===
<chem>H2NCO2- + H2O <=> NH4+ + CO3^2-</chem>
</div>
<div>
</div>
<div>
</div>
</div>
==Form fields==
===Create page===
{{CreateInput|alignment=left|buttonlabel=Create minutes|preload=Manual:Extension/ContentDroplets/Checklist|placeholder=Enter page name|prefix=Minutes/}}
<br><br>
<div class="sectionflex col3 frame" style="clear:both">
<div>
=== Section filter example 1===
<containerfilter></containerfilter>
{| class="wikitable"
!City
!Country
|-
|Munich
|Germany
|-
|Hamburg
|Germany
|-
|Vienna
|Austria
|-
|Salzburg
|Austria
|}
</div>
<div>
=== Section filter example 2===
<containerfilter selector=".mylist li" />
<div class="mylist">
* Apple, pear, orange
*Apple
*Orange
*Orange, grape
*Grape
</div>
</div>
<div>
===Checklist===
(Checklist status is only saved for users with "edit" permissions)
<bs:checklist type="list" value="false" list="Template:JF Status" />
<br>
[[Manual:Extension/ContentDroplets/Checklist|See example "Meeting minutes"]]
</div>
<div>
=== Checkbox===
(Checkbox status is only saved for users with "edit" permissions)
<bs:checkbox checked="false" /> Generate wiki instance
<bs:checkbox checked="false" /> Create user "customer"
<bs:checkbox checked="false" /> Send password to customer
</div>
<div>
<bs:tagsearch type="wikipage" namespace="Setup" operator="AND" />
</div>
</div>
==Other==
<div class="sectionflex col2 frame">
<div>
===Messages===
{{Textbox|boxtype=note|header=|text=This is a Note Message.|icon=yes}}
{{Textbox|boxtype=important|header=|text=This is an Important Message.|icon=yes}}
{{Textbox|boxtype=tip|header=|text=This is a  Tip Message.|icon=yes}}
{{Textbox|boxtype=warning|header=|text=This is a Warning message.|icon=yes}}
{{Textbox|boxtype=neutral|header=|text=This is a generic message.|icon=yes}}
</div>
<div>
===Progress===
'''Output'''<div><bs:statistics:progress basecount="5" progressitem="closed" width="300" baseitem="Statecheck:" /></div><br />
* This is my topic 1 (Statecheck:open)
*This is my topic 2 (Statecheck:closed)
*This is my topic 3 (Statecheck:closed)
*This is my topic 4 (Statecheck:closed)
*This is my topic 5 (Statecheck:closed)
</div>
</div>
=== Pros and cons===
{{ProConList|title-advantages=Advantages|title-disadvantages=Disadvantages|advantages=* affordable
* well-known
* easily accessible|disadvantages=* somewhat dated look and feel
* not customizable
* GDPR compliance unclear}}


Your system is now patched.
===Attachments===
<attachments>


==How to update  -  Windows==
</attachments>


#'''Deinstall''' the package ''GPL Ghostscript''.
===Tag cloud===
#'''Download''' the package ''Ghostscript AGPL Release'' from https://www.ghostscript.com/releases/gsdnld.html .
<bs:tagcloud renderer="text" store="category" width="100%" showcount="true" minsize="14" maxsize="30" exclude="Pages using Dynamic PageList parser function" />
#'''Install''' the new package.


Your system is now patched.
===Map===
This droplet currently does not work correctly. Bug ticket exists.{{Map|Munich, Germany|Marienplatz, Munich~Famous tourist attraction|}}


__FORCETOC__
=== Signature ===
<bs:signhere />

Revision as of 17:34, 16 August 2023

Lists

Statistics

Who is online? (0)

  • Number of characters:
  • Number of files: 1012
  • Number of pages: 670
  • Number of users: 56

Links to this page

No results found.

Most visited pages

  1. Main Page (1064921)
  2. Release Notes (50948)
  3. Installation Guide (39536)
  4. Security Advisories (31143)
  5. Sandkasten-11346612.drawio.png (25777)
  6. Preferences (23781)

Subpages

My last visited pages

To see pages you have visited, please log in to your account

My watchlist

Watchlist cannot be displayed because no user is logged in

Visual formatting

Modal button

Google.com

Circled number

1 Preheat oven to 425°F

2 Mix all the ingredients

3 Bake for 40 minutes

4 Take out and let cool 30 mintes

5 Eat

Icon

User manual

Go to "Releases"

Admin info

Business updates

Code

/* Container holding the image and the text */
.container {
  position: relative;
}
/* Bottom right text */
.text-block {
  position: absolute;
  bottom: 20px;
  right: 20px;
  padding-left: 20px;
  padding-right: 20px;
}

Math

Chem

Form fields

Create page



Section filter example 1


City Country
Munich Germany
Hamburg Germany
Vienna Austria
Salzburg Austria

Section filter example 2


  • Apple, pear, orange
  • Apple
  • Orange
  • Orange, grape
  • Grape

Checklist

(Checklist status is only saved for users with "edit" permissions)



See example "Meeting minutes"

Checkbox

(Checkbox status is only saved for users with "edit" permissions)

Generate wiki instance

Create user "customer"

Send password to customer

Other

Messages

This is a Note Message.
This is an Important Message.
This is a Tip Message.
This is a Warning message.
This is a generic message.

Progress

Output
100.0%

  • This is my topic 1 (Statecheck:open)
  • This is my topic 2 (Statecheck:closed)
  • This is my topic 3 (Statecheck:closed)
  • This is my topic 4 (Statecheck:closed)
  • This is my topic 5 (Statecheck:closed)

Pros and cons

Advantages Disadvantages
  • affordable
  • well-known
  • easily accessible
  • somewhat dated look and feel
  • not customizable
  • GDPR compliance unclear

Attachments


Tag cloud

Map

This droplet currently does not work correctly. Bug ticket exists.

Loading map...

Signature

Signatures


To submit feedback about this documentation, visit our community forum.

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Ghostscript-CVE-2023-36664_-_How_to_fix&oldid=7298"
No categories assignedEdit

Discussions