What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0260 - Updated ghostscript packages fix security vulnerability

Publication date: 11 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0260.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-36664,
     CVE-2023-38559

Ghostscript through 10.01.2 mishandles permission validation for pipe
devices (with the %pipe% prefix or the | pipe character prefix).
(CVE-2023-36664)

A buffer overflow flaw was found in base/gdevdevn.c:1973 in
devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker
to cause a denial of service via outputting a crafted PDF file for a DEVN
device with gs. (CVE-2023-38559)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32237
- https://www.debian.org/security/2023/dsa-5446
- https://ubuntu.com/security/notices/USN-6213-1
- https://bugs.mageia.org/show_bug.cgi?id=32070
- https://ubuntu.com/security/notices/USN-6297-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38559

SRPMS:
- 8/core/ghostscript-9.53.3-2.6.mga8
- 9/core/ghostscript-10.00.0-6.2.mga9

Mageia 2023-0260: ghostscript security update

Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix)

Summary

Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664)
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. (CVE-2023-38559)

References

- https://bugs.mageia.org/show_bug.cgi?id=32237

- https://www.debian.org/security/2023/dsa-5446

- https://ubuntu.com/security/notices/USN-6213-1

- https://bugs.mageia.org/show_bug.cgi?id=32070

- https://ubuntu.com/security/notices/USN-6297-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38559

Resolution

MGASA-2023-0260 - Updated ghostscript packages fix security vulnerability

SRPMS

- 8/core/ghostscript-9.53.3-2.6.mga8

- 9/core/ghostscript-10.00.0-6.2.mga9

Severity
Publication date: 11 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0260.html
Type: security
CVE: CVE-2023-36664, CVE-2023-38559

Related News

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

Jun 26, 2023

P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants

Sep 22, 2023

Chinese Hackers Use DNS-over-HTTPS for Linux Malware Communication

Jun 15, 2023

Critical LibreOffice Code Execution Vuln Fixed

Jun 8, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback