No edit summary Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
| Line 8: | Line 8: | ||
==How to update - Linux== | ==How to update - Linux== | ||
# Check the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight>delete it:<syntaxhighlight lang="bash"> | # '''Check '''the system for manual installation and delete it:<syntaxhighlight lang="bash">ls -al /usr/local/bin</syntaxhighlight>If there is a binary called<syntaxhighlight lang="bash">gs</syntaxhighlight>delete it:<syntaxhighlight lang="bash"> | ||
rm -fr /usr/local/bin/gs | rm -fr /usr/local/bin/gs</syntaxhighlight> | ||
</syntaxhighlight> | #'''Check '''System for Installation out of Packagemanager(Ghostscript comes as an dependency of ImageMagik)<syntaxhighlight lang="bash"> | ||
#Check System for Installation out of Packagemanager(Ghostscript comes as an dependency of ImageMagik)<syntaxhighlight lang="bash"> | |||
dpkg -l ghostscript | dpkg -l ghostscript | ||
</syntaxhighlight>for Debian 11 this should look like:<syntaxhighlight lang="bash"> | </syntaxhighlight>for Debian 11 this should look like:<syntaxhighlight lang="bash"> | ||
| Line 23: | Line 22: | ||
ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF | ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF | ||
</syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1" | </syntaxhighlight>For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"<br>For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"<br> | ||
For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8" | |||
If it does not match the needed Version please do an<syntaxhighlight lang="bash"> | If it does not match the needed Version please do an<syntaxhighlight lang="bash"> | ||
apt update | apt update | ||
| Line 36: | Line 32: | ||
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs'; | 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs'; | ||
</syntaxhighlight>Could be 005-PdfHandler.php or some other configuration | </syntaxhighlight>Could be <code>005-PdfHandler.php</code> or some other configuration file. Find and change the variable to the correct path, for example with this command:<syntaxhighlight lang="bash"> | ||
sed -i 's/local\///g' 005-PdfHandler.php | sed -i 's/local\///g' 005-PdfHandler.php | ||
</syntaxhighlight> | </syntaxhighlight>Double-check:<syntaxhighlight lang="bash"> | ||
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor | ||
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs'; | 005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs'; | ||
Revision as of 09:39, 28 July 2023
Overview
This page is related to the BSSA-2023-01 Security Advisory.
Older versions of Ghostscript open a way for script infusion.
Because of bugs in the Ghostscript binary out of the BlueSpice package manager, Hallo Welt! mostly installed manually on Linux systems. These bugs no longer seem to be a problem.
How to update - Linux
- Check the system for manual installation and delete it:If there is a binary called
ls -al /usr/local/bin
delete it:gs
rm -fr /usr/local/bin/gs
- Check System for Installation out of Packagemanager(Ghostscript comes as an dependency of ImageMagik)for Debian 11 this should look like:
dpkg -l ghostscript
For Debian 12 the Version is "10.0.0~dfsg-11+deb12u1"root@XXXXXXXXXXXX:~# dpkg -l ghostscript Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/ Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht) ||/ Name Version Architektur Beschreibung +++-==============-=====================-============-=================================================== ii ghostscript 9.53.3~dfsg-7+deb11u5 amd64 interpreter for the PostScript language and for PDF
For Ubuntu 22 the Version is "9.50~dfsg-5ubuntu4.8"
If it does not match the needed Version please do an
apt update
apt upgrade -y
and recheck.
- Change Settings in the codebase
Got to whereever the codebase is saved (check your ApacheConfiguration for DocumentRoot if you are not sure). Normally it should look like this:
root@XXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/local/bin/gs';
Could be 005-PdfHandler.php or some other configuration file. Find and change the variable to the correct path, for example with this command:
sed -i 's/local\///g' 005-PdfHandler.php
Double-check:
root@XXXXXXXXXXX:/var/www/bluespice/w/settings.d# grep -rin PdfProcessor
005-PdfHandler.php:5:$wgPdfProcessor = '/usr/bin/gs';
Your system is now patched.
How to update - Windows
- Deinstall the package GPL Ghostscript.
- Download the package Ghostscript AGPL Release from https://www.ghostscript.com/releases/gsdnld.html .
- Install the new package.
Your system is now patched.
Discussions