ELSA-2023-6732

Опубликовано: 16 нояб. 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-6732: ghostscript security update (IMPORTANT)

[9.54.0-14]

fix for CVE-2023-43115
Resolves: RHEL-10184

[9.54.0-13]

fix for CVE-2023-38559
Resolves: rhbz#2224372

[9.54.0-12]

fix for CVE-2023-36664
Resolves: rhbz#2217810

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

ghostscript

9.54.0-14.el9_3

ghostscript-doc

9.54.0-14.el9_3

ghostscript-tools-dvipdf

9.54.0-14.el9_3

ghostscript-tools-fonts

9.54.0-14.el9_3

ghostscript-tools-printing

9.54.0-14.el9_3

ghostscript-x11

9.54.0-14.el9_3

libgs

9.54.0-14.el9_3

libgs-devel

9.54.0-14.el9_3

Oracle Linux x86_64

ghostscript

9.54.0-14.el9_3

ghostscript-doc

9.54.0-14.el9_3

ghostscript-tools-dvipdf

9.54.0-14.el9_3

ghostscript-tools-fonts

9.54.0-14.el9_3

ghostscript-tools-printing

9.54.0-14.el9_3

ghostscript-x11

9.54.0-14.el9_3

libgs

9.54.0-14.el9_3

libgs-devel

9.54.0-14.el9_3

Связанные CVE

CVE-2023-43115

Ссылки на источники

Связанные уязвимости

CVE-2023-43115

CVSS3: 8.8

ubuntu

почти 2 года назад

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).