ALSA-2021:1852

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)

Security Fix(es):

• ghostscript: use-after-free vulnerability in igcrelocstruct_ptr() could result in DoS (CVE-2020-14373)

• ghostscript: buffer overflow in lprnisblack() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)

• ghostscript: buffer overflow in pjcommonprint_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)

• ghostscript: buffer overflow in jetp3852printpage() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)

• ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)

• ghostscript: buffer overflow in mjrastercmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)

• ghostscript: NULL pointer dereference in composegroupnonknockoutnonblendisolatedallmaskcommon() in base/gxblend.c could result in a DoS (CVE-2020-16293)

• ghostscript: buffer overflow in epscprintpage() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)

• ghostscript: NULL pointer dereference in cljmediasize() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)

• ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)

• ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)

• ghostscript: buffer overflow in mjcolorcorrect() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)

• ghostscript: division by zero in bj10vprintpage() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)

• ghostscript: buffer overflow in tiff12printpage() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)

• ghostscript: buffer overflow in okiibmprintpage1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)

• ghostscript: buffer overflow in jetp3852printpage() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)

• ghostscript: use-after-free in xpsfinishimage_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)

• ghostscript: buffer overflow in imagerendercolor_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)

• ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)

• ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)

• ghostscript: buffer overflow in pprintimage() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)

• ghostscript: buffer overflow in lxm5700mprintpage() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)

• ghostscript: division by zero in dot24printpage() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)

• ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)

• ghostscript: buffer overflow in cifprintpage() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)

• ghostscript: buffer overflow in pcxwriterle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.