** Changed in: imagemagick (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1810517
Title:
re-enable GhostScript in ImageMagick
To manage notifications
Thanks for the context! It makes sense.
Can someone with adequate rights please mark this as Won't Fix, to close
the report? Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1810517
Title:
The decision to modify the default ImageMagick policy to prevent calling
Ghostscript was not made on behalf of any single flaw. There are 50
Ghostscript CVEs allocated after this bug report was opened.
PostScript was not designed to handle malicious inputs. Ghostscript was
not designed to execute
Although the security vulnerability in GhostScript that led to this
restriction on converting to and from PostScript and PDF has been
addressed in version 9.24, this restriction remains in place in at least
Ubuntu and Gentoo, and an attempt to remove it in Gentoo has been
stopped, apparently out
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1810517
Title:
re-enable GhostScript in ImageMagick
To manage notifications about this bug
In ubuntu 20.04,
ghostscript is at 9.50
(as shown by $ gs--version)
The bug for which the policy workaround was implemented was fixed in gs
version 9.24 as per https://www.kb.cert.org/vuls/id/332928/
So, kindly remove ghostscript policy based mitigations.
--
You received this bug
The underlying security issue has been fixed many years ago:
https://www.kb.cert.org/vuls/id/332928/
This workaround must be removed yesterday.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1810517
I have the same errors: (Ubuntu 18.04)
--
akem@akem-HP:~$ convert 3.jpg 3.ps
convert-im6.q16: not authorized `3.ps' @ error/constitute.c/WriteImage/1037.
--
Commenting out the lines you stated in /etc/ImageMagick-6/policy.xml fixed the
problem for me.
Thanks.
--
You received this bug
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: imagemagick (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1810517
Title:
