ALINUX2-SA-2024:0036: ghostscript security update (Important)

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2024-33871:
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

aarch64
- ghostscript-9.25-5.1.al7.1.aarch64.rpm → (download)
- ghostscript-cups-9.25-5.1.al7.1.aarch64.rpm → (download)
- ghostscript-debuginfo-9.25-5.1.al7.1.aarch64.rpm → (download)
- ghostscript-gtk-9.25-5.1.al7.1.aarch64.rpm → (download)
- libgs-9.25-5.1.al7.1.aarch64.rpm → (download)
- libgs-devel-9.25-5.1.al7.1.aarch64.rpm → (download)
i686
- ghostscript-9.25-5.1.al7.1.i686.rpm → (download)
- ghostscript-cups-9.25-5.1.al7.1.i686.rpm → (download)
- ghostscript-debuginfo-9.25-5.1.al7.1.i686.rpm → (download)
- ghostscript-gtk-9.25-5.1.al7.1.i686.rpm → (download)
- libgs-9.25-5.1.al7.1.i686.rpm → (download)
- libgs-devel-9.25-5.1.al7.1.i686.rpm → (download)
src
- ghostscript-9.25-5.1.al7.1.src.rpm → (download)
x86_64
- ghostscript-9.25-5.1.al7.1.x86_64.rpm → (download)
- ghostscript-cups-9.25-5.1.al7.1.x86_64.rpm → (download)
- ghostscript-debuginfo-9.25-5.1.al7.1.x86_64.rpm → (download)
- ghostscript-gtk-9.25-5.1.al7.1.x86_64.rpm → (download)
- libgs-9.25-5.1.al7.1.x86_64.rpm → (download)
- libgs-devel-9.25-5.1.al7.1.x86_64.rpm → (download)
noarch
- ghostscript-doc-9.25-5.1.al7.1.noarch.rpm → (download)

Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0036

Summary

Severity

Description

References

Updated Packages