ALAS-2025-2760

Amazon Linux 2 Security Advisory: ALAS-2025-2760
Advisory Release Date: 2025-02-12 23:17 Pacific
Advisory Updated Date: 2025-02-25 10:30 Pacific
Severity: Medium
Issue Overview:

PS interpreter - check Indexed colour space index

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a (ghostpdl-10.04.0) (CVE-2024-46955)


Affected Packages:

ghostscript


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update ghostscript to update your system.

New Packages:
aarch64:
    ghostscript-9.54.0-9.amzn2.0.8.aarch64
    libgs-9.54.0-9.amzn2.0.8.aarch64
    libgs-devel-9.54.0-9.amzn2.0.8.aarch64
    ghostscript-gtk-9.54.0-9.amzn2.0.8.aarch64
    ghostscript-cups-9.54.0-9.amzn2.0.8.aarch64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.8.aarch64

i686:
    ghostscript-9.54.0-9.amzn2.0.8.i686
    libgs-9.54.0-9.amzn2.0.8.i686
    libgs-devel-9.54.0-9.amzn2.0.8.i686
    ghostscript-gtk-9.54.0-9.amzn2.0.8.i686
    ghostscript-cups-9.54.0-9.amzn2.0.8.i686
    ghostscript-debuginfo-9.54.0-9.amzn2.0.8.i686

noarch:
    ghostscript-doc-9.54.0-9.amzn2.0.8.noarch

src:
    ghostscript-9.54.0-9.amzn2.0.8.src

x86_64:
    ghostscript-9.54.0-9.amzn2.0.8.x86_64
    libgs-9.54.0-9.amzn2.0.8.x86_64
    libgs-devel-9.54.0-9.amzn2.0.8.x86_64
    ghostscript-gtk-9.54.0-9.amzn2.0.8.x86_64
    ghostscript-cups-9.54.0-9.amzn2.0.8.x86_64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.8.x86_64

Additional References

Red Hat: CVE-2024-46955

Mitre: CVE-2024-46955