Fedora Linux 8799 Published by

A ghostscript security update has been released for Fedora 41:

[SECURITY] Fedora 41 Update: ghostscript-10.03.1-4.fc41




[SECURITY] Fedora 41 Update: ghostscript-10.03.1-4.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-69af78a508
2024-11-17 02:14:11.527435
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 41
Version : 10.03.1
Release : 4.fc41
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript
Pattern Color Space (fedora#2325238)
2325241 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955
CVE-2024-46956 ghostscript: various flaws [fedora-41]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2024 Zdenek Dohnal [zdohnal@redhat.com] - 10.03.1-4
- CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space (fedora#2325238)
- 2325241 - CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various flaws [fedora-41]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2325041 - CVE-2024-46952 ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
https://bugzilla.redhat.com/show_bug.cgi?id=2325041
[ 2 ] Bug #2325042 - CVE-2024-46955 ghostscript: Out-of-Bounds Read in Ghostscript Indexed Color Space
https://bugzilla.redhat.com/show_bug.cgi?id=2325042
[ 3 ] Bug #2325043 - CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
https://bugzilla.redhat.com/show_bug.cgi?id=2325043
[ 4 ] Bug #2325044 - CVE-2024-46954 ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
https://bugzilla.redhat.com/show_bug.cgi?id=2325044
[ 5 ] Bug #2325045 - CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
https://bugzilla.redhat.com/show_bug.cgi?id=2325045
[ 6 ] Bug #2325047 - CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
https://bugzilla.redhat.com/show_bug.cgi?id=2325047
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-69af78a508' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--