Ghostscript-Warning with Paperless-ngx LXC

[KapUttyy]

Hi there,

I am running the Paperless-ngx LXC and everything is working fine, but everytime ocrmypdf is consuming a PDF-file I get a warning regarding a CVE-affected version of Ghostscript. I updated the container to the current Paperless version with the update script, but still receive this warning. How can I update the Ghostscript version as recommended?

Best regards
Alex

[WARNING] [ocrmypdf.builtin_plugins.ghostscript] The installed version of Ghostscript 10.0.0, contains a remote code execution security vulnerability. Please upgrade to a newer version. For details see CVE-2023-43115. The issue is not known to affect OCRmyPDF or processing PDFs with Ghostscript, but upgrading Ghostscript is recommended.

[DrSpaldo]

Also getting this

[tteck]

Currently, the Debian package for Bookworm installs Ghostscript version 10.0.0. After creating a backup, you can try manually installing Ghostscript version 10.03.

wget -q http://ftp.debian.org/debian/pool/main/g/ghostscript/ghostscript_10.03.1~dfsg-2_amd64.deb
dpkg -i ghostscript_10.03.1~dfsg-2_amd64.deb

[DrSpaldo]

Thanks for the reply @tteck . I think my problem may be that I originally took the Ubuntu (jammy) version when installing because I had the older version of Proxmox. Now I have updated Proxmox, I never updated this particular container. So that command didn't work for me and I have version 9.55 of ghostscript installed.

I might have to work out if I can back up Paperless and then reinstall using your latest script to Deb

[DrSpaldo]

Unfortunately I can't figure out how to backup and restore Paperless using the script. Has anyone else done it before?

I've read https://docs.paperless-ngx.com/administration/#backup but I am not sure what method works with this script / container install method. The zipping up the entire folder and extracting it over the new install, doesn't work

[sidcha]

@tteck Any way to fix/workaround this issue? The proposed dpkg -i does not work (I'm on a latest default install) as there are many other dependencies that needs to be upgraded. An RCE warning looks very bad IMHO :(.

[cpetry]

If anyone else stumbling on this: the latest version number changed

wget -q http://ftp.debian.org/debian/pool/main/g/ghostscript/ghostscript_10.03.1~dfsg-2_amd64.deb
dpkg -i ghostscript_10.03.1~dfsg-2_amd64.deb

Still didn't work. install failed

[rlkollman]

After updating to paperless-ngx 2.13.0, I was faced with this error, above prescribed fixes didn't help. I used the below post to build ghostscript from scratch (although, this post indicates ghostscript v10.02.1, as of this post, it's at v10.04.0). After a reboot, it's working fine for me, again.

https://forum.yunohost.org/t/paperless-ngx-missingdependencyerror-gs/27643/16#post_17

[KapUttyy]

Works for me, too. Should be part of the Container as from now on 10.0.0 does not work anymore.