Описание
ELSA-2024-3999: ghostscript security update (IMPORTANT)
[9.54.0-16]
- RHEL-39110 fix regression discovered in OPVP device
[9.54.0-15]
- RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
ghostscript
9.54.0-16.el9_4
ghostscript-doc
9.54.0-16.el9_4
ghostscript-tools-dvipdf
9.54.0-16.el9_4
ghostscript-tools-fonts
9.54.0-16.el9_4
ghostscript-tools-printing
9.54.0-16.el9_4
ghostscript-x11
9.54.0-16.el9_4
libgs
9.54.0-16.el9_4
libgs-devel
9.54.0-16.el9_4
Oracle Linux x86_64
ghostscript
9.54.0-16.el9_4
ghostscript-doc
9.54.0-16.el9_4
ghostscript-tools-dvipdf
9.54.0-16.el9_4
ghostscript-tools-fonts
9.54.0-16.el9_4
ghostscript-tools-printing
9.54.0-16.el9_4
ghostscript-x11
9.54.0-16.el9_4
libgs
9.54.0-16.el9_4
libgs-devel
9.54.0-16.el9_4
Связанные CVE
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...
