ALAS-2024-2708

Amazon Linux 2 Security Advisory: ALAS-2024-2708
Advisory Release Date: 2024-12-05 01:02 Pacific
Advisory Updated Date: 2024-12-19 16:00 Pacific
Severity: Important
Issue Overview:

PS interpreter - check the type of the Pattern Implementation

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee (ghostpdl-10.04.0) (CVE-2024-46951)

Check for overflow validating format string

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0) (CVE-2024-46953)

PostScript interpreter - fix buffer length check

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0) (CVE-2024-46956)


Affected Packages:

ghostscript


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update ghostscript to update your system.

New Packages:
aarch64:
    ghostscript-9.54.0-9.amzn2.0.7.aarch64
    libgs-9.54.0-9.amzn2.0.7.aarch64
    libgs-devel-9.54.0-9.amzn2.0.7.aarch64
    ghostscript-gtk-9.54.0-9.amzn2.0.7.aarch64
    ghostscript-cups-9.54.0-9.amzn2.0.7.aarch64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.7.aarch64

i686:
    ghostscript-9.54.0-9.amzn2.0.7.i686
    libgs-9.54.0-9.amzn2.0.7.i686
    libgs-devel-9.54.0-9.amzn2.0.7.i686
    ghostscript-gtk-9.54.0-9.amzn2.0.7.i686
    ghostscript-cups-9.54.0-9.amzn2.0.7.i686
    ghostscript-debuginfo-9.54.0-9.amzn2.0.7.i686

noarch:
    ghostscript-doc-9.54.0-9.amzn2.0.7.noarch

src:
    ghostscript-9.54.0-9.amzn2.0.7.src

x86_64:
    ghostscript-9.54.0-9.amzn2.0.7.x86_64
    libgs-9.54.0-9.amzn2.0.7.x86_64
    libgs-devel-9.54.0-9.amzn2.0.7.x86_64
    ghostscript-gtk-9.54.0-9.amzn2.0.7.x86_64
    ghostscript-cups-9.54.0-9.amzn2.0.7.x86_64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.7.x86_64

Additional References

Red Hat: CVE-2024-46951, CVE-2024-46953, CVE-2024-46956

Mitre: CVE-2024-46951, CVE-2024-46953, CVE-2024-46956