ghostscript-9.54.0-11.el9
エラータID: AXSA:2023-6559:04
リリース日:
2023/11/06 Monday - 01:42
題名:
ghostscript-9.54.0-11.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Ghostscript の GhostPDL の gdevijs.c には、SAFER が有効化された
あとに IJS デバイスを切り替える、もしくは IjsServer のパラメーター
を変更できてしまう問題があるため、リモートの攻撃者により、細工
された PostScript 形式のドキュメントを介して、任意のコードの実行
を可能とする脆弱性が存在します。(CVE-2023-43115)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
追加情報:
N/A
ダウンロード:
SRPMS
- ghostscript-9.54.0-11.el9.src.rpm
MD5: a6e3c051084f48c3d1736f7b8ad2d3d3
SHA-256: f2614135ff3e2dbb65eadcc6aae7572d212e32dfdcb90006aa4778bb0ead4474
Size: 53.46 MB
Asianux Server 9 for x86_64
- ghostscript-9.54.0-11.el9.i686.rpm
MD5: 7e203992ce275f96cef7449797a997cd
SHA-256: 3bfc06c706cd71af811218b3cd096a3559211067598826599629532e44f99676
Size: 35.74 kB - ghostscript-9.54.0-11.el9.x86_64.rpm
MD5: ccd28db1a8f619b634d0712a3c453415
SHA-256: f97f967abf93e9f8c2aed4dde62fcceef6898ec32df01dbbbf42708a22f10d13
Size: 35.53 kB - ghostscript-doc-9.54.0-11.el9.noarch.rpm
MD5: e2aab4d45e5155cb93b011a0264bd4e7
SHA-256: b266d807277f82227b0843e1f7bc1138a4b8d51866edef5dee89cd00eee110f5
Size: 7.77 MB - ghostscript-tools-dvipdf-9.54.0-11.el9.x86_64.rpm
MD5: 0b9b4f853b115a522c83b8bc5910e2f1
SHA-256: 6ec03af306c6bd8ae2b1629f06ae733ee8bfdefa42052038af62441b35882d3b
Size: 9.91 kB - ghostscript-tools-fonts-9.54.0-11.el9.i686.rpm
MD5: 887f1d0a4632b5f3b392dbf5c1763b72
SHA-256: 8b89028a6a1a512b6f64d8a69614789c6c48a96485cbac56929992c1a14a2f96
Size: 10.91 kB - ghostscript-tools-fonts-9.54.0-11.el9.x86_64.rpm
MD5: 45548937ed415e22feb8bd5bc70583e4
SHA-256: 135ed327397ffcc02f8a6211b32d8b3a9a84161ff309f121598f43bde77a3ced
Size: 10.89 kB - ghostscript-tools-printing-9.54.0-11.el9.i686.rpm
MD5: 4aa5763fa5e03b645c0416dd4c7b8bd4
SHA-256: 0273d7b8b2d97f09a737ca6e0dbd24db4ecddeca9b66a4ce8ae1d6d5276563ce
Size: 10.89 kB - ghostscript-tools-printing-9.54.0-11.el9.x86_64.rpm
MD5: edc67d94b42249982cca7e82c66d44ab
SHA-256: e50d8145526c7815bdaa0eb67378ddf0f2bfcf6a17d838d257b30da622036426
Size: 10.86 kB - ghostscript-x11-9.54.0-11.el9.x86_64.rpm
MD5: 0ec926d5e40ed18e6377231eb82ef63a
SHA-256: ef7b9759defbdf820683045a6fbc6a6b1ecb6077f40bd31bf0fefafa1f511f00
Size: 37.02 kB - libgs-9.54.0-11.el9.i686.rpm
MD5: 67b242c154a51a68a05472b9b53a649f
SHA-256: 7007327f2a7e7fc0d4f8ad61ff129cfdd8b6617ebd4628f38e53b8370da16fe6
Size: 3.26 MB - libgs-9.54.0-11.el9.x86_64.rpm
MD5: e002bd3aca911b98b6ecb25a9cd4c49e
SHA-256: 8d7d5d1483af0ca344eec702a6a32eb6c99c24215260886c84cd8d6bef2c5c33
Size: 3.12 MB - libgs-devel-9.54.0-11.el9.i686.rpm
MD5: 7e45b9d99d45576cd76e9f927f9a7a58
SHA-256: 4b7c7839c984a91e63cd69d994a2292df52891b946d94ff1eceab5c1ede6f098
Size: 20.08 kB - libgs-devel-9.54.0-11.el9.x86_64.rpm
MD5: 7d8369d65b0e4a4110d21b343750bb24
SHA-256: de89be5b8c74d5110f7207a490cef2cf0d6ea016e6488e5c24b71974f2f0ac4b
Size: 20.06 kB