Red Hat Security Advisory 2023-4324-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a code execution vulnerability.
ecad6f0874daf4a3b09b04ffd21c09219b2399250e063c15935e1d2ec48a6e71-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: ghostscript security update
Advisory ID: RHSA-2023:4324-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4324
Issue date: 2023-07-31
CVE Names: CVE-2023-36664
=====================================================================
1. Summary:
An update for ghostscript is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: vulnerable to OS command injection due to mishandles
permission validation for pipe devices (CVE-2023-36664)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2217798 - CVE-2023-36664 ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v.9.0):
Source:
ghostscript-9.54.0-7.el9_0.1.src.rpm
aarch64:
ghostscript-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-tools-dvipdf-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-tools-fonts-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-tools-printing-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-x11-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
libgs-9.54.0-7.el9_0.1.aarch64.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
noarch:
ghostscript-doc-9.54.0-7.el9_0.1.noarch.rpm
ppc64le:
ghostscript-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-tools-dvipdf-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-tools-fonts-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-tools-printing-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-x11-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
libgs-9.54.0-7.el9_0.1.ppc64le.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
s390x:
ghostscript-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-tools-dvipdf-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-tools-fonts-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-tools-printing-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-x11-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
libgs-9.54.0-7.el9_0.1.s390x.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
x86_64:
ghostscript-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.i686.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-tools-dvipdf-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-tools-fonts-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-tools-printing-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-x11-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
libgs-9.54.0-7.el9_0.1.i686.rpm
libgs-9.54.0-7.el9_0.1.x86_64.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.i686.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v.9.0):
aarch64:
ghostscript-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.aarch64.rpm
libgs-devel-9.54.0-7.el9_0.1.aarch64.rpm
ppc64le:
ghostscript-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.ppc64le.rpm
libgs-devel-9.54.0-7.el9_0.1.ppc64le.rpm
s390x:
ghostscript-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.s390x.rpm
libgs-devel-9.54.0-7.el9_0.1.s390x.rpm
x86_64:
ghostscript-9.54.0-7.el9_0.1.i686.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.i686.rpm
ghostscript-debugsource-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-gtk-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
ghostscript-tools-fonts-9.54.0-7.el9_0.1.i686.rpm
ghostscript-tools-printing-9.54.0-7.el9_0.1.i686.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.i686.rpm
ghostscript-x11-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.i686.rpm
libgs-debuginfo-9.54.0-7.el9_0.1.x86_64.rpm
libgs-devel-9.54.0-7.el9_0.1.i686.rpm
libgs-devel-9.54.0-7.el9_0.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2023-36664
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJkx8MPAAoJENzjgjWX9erEyIQP/2yWUArZxPjWm2BpkHCZNQHt
yUIsI+kQCsmih22gK7HqeU9NW2hpxTDFQ6q2DdyQ/l/7aAWuJDuV0kuRUDp8Vyx3
KS+hAl2Ck4nrzUsDCoLtaQqIqP9KkXWcrTNmJkNeCWGHlKjagKVZmlXDGzElHObU
OiJOYqNgwJNRrrnlFOM5uvqkrC5V4ehH5Fn5L6Pwk8smonHhCyZcuXfYSdja+5Hd
rk4dCCZMJ/sBc91XZQ0bVGZCrJ3fRBjurXYK5ImI8R/IsGINz8VZuQ6fqCI1vvjY
SfJJHJpMO/GvHCIgtz4QzonNKZzSDRnsjPhpZI9CahCGBxUuSCV+n/lcyihVO8VX
AhK29Spqp+kooWurq+HVo8oepbkYYpL/V1IarZPuSVBkWjwW3xn0Aj/R1Tg94wJ0
Aw4RTmPJyWxowSu/VWqnTw3rU3VekGQOyn45CegduwCk7D3kRPR0YbvTxTnKar43
y+67EMNzX1GZ9DlF47ZV6+Qanj7g9QXU8GMMU4qc3FcpWPh6p0Jsme5DL0lWOe3C
okqrO6d4zGRLj9YMHhjFYG3ZsGgPHn1E62qRr7G99tQBnTQWRGbfGqF3XmGNrtD9
RUEd1lBAmRreXC2qkx2X8JTF1CFSZJSA41+dPAHQpdzqIwz62NxGcP/7PsG1lCyo
T288dGZE7XBdZVxYO9vI
=4do9
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed