Advisories » MGASA-2023-0290

Updated ghostscript packages fix security vulnerability

Publication date: 19 Oct 2023
Modification date: 19 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-43115

Description

The updated packages fix a security vulnerability:

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead
to remote code execution via crafted PostScript documents because they
can switch to the IJS device, or change the IjsServer parameter, after
SAFER has been activated. (CVE-2023-43115)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32400
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/
• https://ubuntu.com/security/notices/USN-6433-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43115

SRPMS

9/core

• ghostscript-10.00.0-6.3.mga9

8/core

• ghostscript-9.53.3-2.7.mga8