RLSA-2024:6197

Опубликовано: 07 мая 2025

Источник: rocky

Оценка: Moderate

Описание

Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

ghostscript: format string injection leads to shell command execution (SAFER bypass) (CVE-2024-29510)
ghostscript: path traversal and command execution due to path reduction (CVE-2024-33869)
ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths (CVE-2024-33870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
ghostscript	x86_64	17.el9_4	ghostscript-9.54.0-17.el9_4.x86_64.rpm
ghostscript-doc	noarch	17.el9_4	ghostscript-doc-9.54.0-17.el9_4.noarch.rpm
ghostscript-tools-dvipdf	x86_64	17.el9_4	ghostscript-tools-dvipdf-9.54.0-17.el9_4.x86_64.rpm
ghostscript-tools-fonts	x86_64	17.el9_4	ghostscript-tools-fonts-9.54.0-17.el9_4.x86_64.rpm
ghostscript-tools-printing	x86_64	17.el9_4	ghostscript-tools-printing-9.54.0-17.el9_4.x86_64.rpm
ghostscript-x11	x86_64	17.el9_4	ghostscript-x11-9.54.0-17.el9_4.x86_64.rpm
libgs	i686	17.el9_4	libgs-9.54.0-17.el9_4.i686.rpm
libgs	x86_64	17.el9_4	libgs-9.54.0-17.el9_4.x86_64.rpm