ELSA-2024-6197

Опубликовано: 03 сент. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-6197: ghostscript security update (MODERATE)

[9.54.0-17]

RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction
RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

ghostscript

9.54.0-17.el9_4

ghostscript-doc

9.54.0-17.el9_4

ghostscript-tools-dvipdf

9.54.0-17.el9_4

ghostscript-tools-fonts

9.54.0-17.el9_4

ghostscript-tools-printing

9.54.0-17.el9_4

ghostscript-x11

9.54.0-17.el9_4

libgs

9.54.0-17.el9_4

libgs-devel

9.54.0-17.el9_4

Oracle Linux x86_64

ghostscript

9.54.0-17.el9_4

ghostscript-doc

9.54.0-17.el9_4

ghostscript-tools-dvipdf

9.54.0-17.el9_4

ghostscript-tools-fonts

9.54.0-17.el9_4

ghostscript-tools-printing

9.54.0-17.el9_4

ghostscript-x11

9.54.0-17.el9_4

libgs

9.54.0-17.el9_4

libgs-devel

9.54.0-17.el9_4

Связанные CVE

CVE-2024-29510

CVE-2024-33870

CVE-2024-33869

Ссылки на источники

Связанные уязвимости

SUSE-SU-2024:2292-1

suse-cvrf

12 месяцев назад

Security update for ghostscript

SUSE-SU-2024:2276-1

suse-cvrf

12 месяцев назад

Security update for ghostscript

ROS-20240923-05

CVSS3: 8.8

redos

9 месяцев назад

Множественные уязвимости ghostscript

CVE-2024-29510

CVSS3: 6.3

ubuntu

12 месяцев назад

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

CVE-2024-29510

CVSS3: 5.5

redhat

около 1 года назад

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.