{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:5459","synopsis":"Important: ghostscript security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for ghostscript.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.\n\nSecurity Fix(es):\n\n* ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices (CVE-2023-36664)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2217798","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2217798","description":""}],"cves":[{"name":"CVE-2023-36664","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-36664","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"8.4","cwe":"CWE-78"}],"references":[],"publishedAt":"2023-10-06T22:58:14.383585Z","rpms":{"Rocky Linux 9":{"nvras":["ghostscript-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-0:9.54.0-10.el9_2.src.rpm","ghostscript-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-debugsource-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-doc-0:9.54.0-10.el9_2.noarch.rpm","ghostscript-tools-dvipdf-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-tools-fonts-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-tools-printing-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-x11-0:9.54.0-10.el9_2.aarch64.rpm","ghostscript-x11-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm","libgs-0:9.54.0-10.el9_2.aarch64.rpm","libgs-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm","libgs-devel-0:9.54.0-10.el9_2.aarch64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}
Rocky Linux: RLSA-2023:5459 ghostscript security update
October 6, 2023
An update is available for ghostscript.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Summary
An update is available for ghostscript. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices (CVE-2023-36664) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
ghostscript-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-0:9.54.0-10.el9_2.src.rpm
ghostscript-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-debugsource-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-doc-0:9.54.0-10.el9_2.noarch.rpm
ghostscript-tools-dvipdf-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-tools-fonts-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-tools-printing-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-x11-0:9.54.0-10.el9_2.aarch64.rpm
ghostscript-x11-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm
libgs-0:9.54.0-10.el9_2.aarch64.rpm
libgs-debuginfo-0:9.54.0-10.el9_2.aarch64.rpm
libgs-devel-0:9.54.0-10.el9_2.aarch64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
Severity
Name: RLSA-2023:5459
Affected Products: Rocky Linux 9
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2217798
News
HOWTOs
About Us
Powered By
