ALAS-2024-774

Amazon Linux 2023 Security Advisory: ALAS-2024-774
Advisory Release Date: 2024-12-05 20:34 Pacific
Advisory Updated Date: 2024-12-16 13:30 Pacific
Severity: Important
Issue Overview:

PS interpreter - check the type of the Pattern Implementation

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee (ghostpdl-10.04.0) (CVE-2024-46951)

PDF interpreter - sanitise W array values in Xref streams

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708001
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0) (CVE-2024-46952)

Check for overflow validating format string

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0) (CVE-2024-46953)

PostScript interpreter - fix buffer length check

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0) (CVE-2024-46956)


Affected Packages:

ghostscript


Issue Correction:
Run dnf update ghostscript --releasever 2023.6.20241212 to update your system.

New Packages:
aarch64:
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.11.aarch64
    libgs-debuginfo-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.11.aarch64
    libgs-devel-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-x11-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-gtk-9.56.1-7.amzn2023.0.11.aarch64
    libgs-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.11.aarch64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.11.aarch64

noarch:
    ghostscript-doc-9.56.1-7.amzn2023.0.11.noarch

src:
    ghostscript-9.56.1-7.amzn2023.0.11.src

x86_64:
    ghostscript-gtk-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.11.x86_64
    libgs-debuginfo-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.11.x86_64
    libgs-devel-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-x11-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.11.x86_64
    libgs-9.56.1-7.amzn2023.0.11.x86_64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.11.x86_64

Additional References

Red Hat: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46956

Mitre: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46956