Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 8 and 9: Moderate RCE Vulnerability in Ghostscript Identified

mageia
Calendar Grey October 19, 2023
Dist Mageia Esm H88
Ghostscript updates released to mitigate significant security risks in Mageia. Discover further insights into the updates and the solutions provided.
The updated packages fix a security vulnerability: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents...

Summary

The updated packages fix a security vulnerability:
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. (CVE-2023-43115)

References

- https://bugs.mageia.org/show_bug.cgi?id=32400

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/

- https://ubuntu.com/security/notices/USN-6433-1

- https://www.cve.org/CVERecord?id=CVE-2023-43115

Topics%20covered

Topics Covered

security advisory moderate security update remote code execution vulnerability Ghostscript Mageia

Resolution

SRPMS

- 8/core/ghostscript-9.53.3-2.7.mga8

- 9/core/ghostscript-10.00.0-6.3.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0290.html
Type: security
CVE: CVE-2023-43115

Topics%20covered

Topics Covered

security advisory moderate security update remote code execution vulnerability Ghostscript Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here