[El-errata] ELSA-2024-6197 Moderate: Oracle Linux 9 ghostscript security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Sep 4 15:20:50 UTC 2024
Oracle Linux Security Advisory ELSA-2024-6197
http://linux.oracle.com/errata/ELSA-2024-6197.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
ghostscript-9.54.0-17.el9_4.x86_64.rpm
ghostscript-doc-9.54.0-17.el9_4.noarch.rpm
ghostscript-tools-dvipdf-9.54.0-17.el9_4.x86_64.rpm
ghostscript-tools-fonts-9.54.0-17.el9_4.x86_64.rpm
ghostscript-tools-printing-9.54.0-17.el9_4.x86_64.rpm
ghostscript-x11-9.54.0-17.el9_4.x86_64.rpm
libgs-9.54.0-17.el9_4.i686.rpm
libgs-9.54.0-17.el9_4.x86_64.rpm
ghostscript-9.54.0-17.el9_4.i686.rpm
ghostscript-tools-fonts-9.54.0-17.el9_4.i686.rpm
ghostscript-tools-printing-9.54.0-17.el9_4.i686.rpm
libgs-devel-9.54.0-17.el9_4.i686.rpm
libgs-devel-9.54.0-17.el9_4.x86_64.rpm
aarch64:
ghostscript-9.54.0-17.el9_4.aarch64.rpm
ghostscript-doc-9.54.0-17.el9_4.noarch.rpm
ghostscript-tools-dvipdf-9.54.0-17.el9_4.aarch64.rpm
ghostscript-tools-fonts-9.54.0-17.el9_4.aarch64.rpm
ghostscript-tools-printing-9.54.0-17.el9_4.aarch64.rpm
ghostscript-x11-9.54.0-17.el9_4.aarch64.rpm
libgs-9.54.0-17.el9_4.aarch64.rpm
libgs-devel-9.54.0-17.el9_4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ghostscript-9.54.0-17.el9_4.src.rpm
Related CVEs:
CVE-2024-29510
CVE-2024-33869
CVE-2024-33870
Description of changes:
[9.54.0-17]
- RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
- RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction
- RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)
More information about the El-errata
mailing list