ALSA-2021:1852

Source
https://errata.almalinux.org/8/ALSA-2021-1852.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:1852.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2021:1852
Related
Published
2021-05-18T06:14:55Z
Modified
2021-11-12T10:20:56Z
Summary
Moderate: ghostscript security, bug fix, and enhancement update
Details

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)

Security Fix(es):

  • ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)

  • ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)

  • ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)

  • ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)

  • ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)

  • ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)

  • ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)

  • ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)

  • ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)

  • ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)

  • ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)

  • ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)

  • ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)

  • ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)

  • ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)

  • ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)

  • ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)

  • ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)

  • ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)

  • ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)

  • ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)

  • ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)

  • ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)

  • ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)

  • ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)

  • ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / ghostscript

Package

Name
ghostscript

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / ghostscript-doc

Package

Name
ghostscript-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / ghostscript-tools-dvipdf

Package

Name
ghostscript-tools-dvipdf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / ghostscript-tools-fonts

Package

Name
ghostscript-tools-fonts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / ghostscript-tools-printing

Package

Name
ghostscript-tools-printing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / ghostscript-x11

Package

Name
ghostscript-x11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / libgs

Package

Name
libgs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8

AlmaLinux:8 / libgs-devel

Package

Name
libgs-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.27-1.el8