ghostscript-9.54.0-14.el9
Errata ID: AXSA:2023-7027:06
Release date:
2023/12/19 Tuesday - 12:46
Title:
ghostscript-9.54.0-14.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
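The following issues have been addressed.
[Security Fix]
- gdevijs.c in GhostPDL in Ghostscript has an issue that allows
switching to the IJS device, or changing the IjsServer parameter,
after SAFER has been activated, so a vulnerability exists that
allows a remote attacker to execute arbitrary code via a crafted
PostScript document.
(CVE-2023-43115)
Solution:
Update the packages.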
CVE:
CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
CVE-2023-38559
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Additional information:
N/A
Downloads:
SRPMS
- ghostscript-9.54.0-14.el9.src.rpm
Size: 53.46 MB
Asianux Server 9 for x86_64
- ghostscript-9.54.0-14.el9.i686.rpm
Size: 35.92 kB
- ghostscript-9.54.0-14.el9.x86_64.rpm
Size: 35.72 kB
- ghostscript-doc-9.54.0-14.el9.noarch.rpm
Size: 7.77 MB
- ghostscript-tools-dvipdf-9.54.0-14.el9.x86_64.rpm
Size: 10.07 kB
- ghostscript-tools-fonts-9.54.0-14.el9.i686.rpm
Size: 11.08 kB
- ghostscript-tools-fonts-9.54.0-14.el9.x86_64.rpm
Size: 11.05 kB
- ghostscript-tools-printing-9.54.0-14.el9.i686.rpm
Size: 11.06 kB
- ghostscript-tools-printing-9.54.0-14.el9.x86_64.rpm
Size: 11.03 kB
- ghostscript-x11-9.54.0-14.el9.x86_64.rpm
Size: 37.17 kB
- libgs-9.54.0-14.el9.i686.rpm
Size: 3.26 MB
- libgs-9.54.0-14.el9.x86_64.rpm
Size: 3.10 MB
- libgs-devel-9.54.0-14.el9.i686.rpm
Size: 20.24 kB
- libgs-devel-9.54.0-14.el9.x86_64.rpm
Size: 20.23 kB