Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Fedora 39: Security Advisory for Ghostscript - Multiple Issues Resolved

fedora
Calendar Grey July 24, 2024
Dist Fedora Esm H88
Fedora 39 has issued security patches for Ghostscript to address various weaknesses in document handling and transformation.
Security fix for CVE-2024-33869 Security fixes for CVE-2024-29509, CVE-2024-29508, CVE-2024-29507, CVE-2024-29506

Summary

This package provides useful conversion utilities based on Ghostscript software,

for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'

PostScript (PS) and Portable Document Format (PDF) page description languages.

Its primary purpose includes displaying (rasterization & rendering) and printing

of document pages, as well as conversions between different document formats.

Update Information:

Security fix for CVE-2024-33869 Security fixes for CVE-2024-29509, CVE-2024-29508, CVE-2024-29507, CVE-2024-29506

Change Log

* Wed Jul 17 2024 Zdenek Dohnal - 10.02.1-7 - 2296285 - CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction * Tue Jul 16 2024 Zdenek Dohnal - 10.02.1-6 - 2295704 - CVE-2024-29509 ghostscript: heap buffer overflow via the PDFPassword parameter - 2295703 - CVE-2024-29508 ghostscript: heap pointer leak in pdf_base_font_alloc() - 2295700 - CVE-2024-29507 ghostscript: stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters - 2295697 - CVE-2024-29506 ghostscript: stack-based buffer overflow in the pdfi_apply_filter()

References


[ 1 ] Bug #2293958 - CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction https://bugzilla.redhat.com/show_bug.cgi?id=2293958 [ 2 ] Bug #2295626 - CVE-2024-29506 ghostscript: stack-based buffer overflow in the pdfi_apply_filter() https://bugzilla.redhat.com/show_bug.cgi?id=2295626 [ 3 ] Bug #2295627 - CVE-2024-29508 ghostscript: heap pointer leak in pdf_base_font_alloc() https://bugzilla.redhat.com/show_bug.cgi?id=2295627 [ 4 ] Bug #2295628 - CVE-2024-29509 ghostscript: heap buffer overflow via the PDFPassword parameter https://bugzilla.redhat.com/show_bug.cgi?id=2295628 [ 5 ] Bug #2295647 - CVE-2024-29507 ghostscript: stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters https://bugzilla.redhat.com/show_bug.cgi?id=2295647

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-52192927d8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ghostscript
Product: Fedora 39
Version: 10.02.1
Release: 7.fc39
Summary: Interpreter for PostScript language & PDF

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.