ELSA-2024-6197

ELSA-2024-6197 - ghostscript security update

Type:SECURITY
Impact:MODERATE
Release Date:2024-09-03

Description


[9.54.0-17]
- RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
- RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction
- RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)


Related CVEs


CVE-2024-29510
CVE-2024-33870
CVE-2024-33869

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) ghostscript-9.54.0-17.el9_4.src.rpmc43244b938488d6af518e6689b8843059190a451ed9b0aa0cbaafe88628f0e13-ol9_aarch64_appstream
ghostscript-9.54.0-17.el9_4.src.rpmc43244b938488d6af518e6689b8843059190a451ed9b0aa0cbaafe88628f0e13-ol9_aarch64_codeready_builder
ghostscript-9.54.0-17.el9_4.aarch64.rpmf71b51995794407223364c9cc70e74a78b9bb3d679c649e74ac0d18822ee53c2-ol9_aarch64_appstream
ghostscript-doc-9.54.0-17.el9_4.noarch.rpm7af49c63f6b6e925a801fc210cc6a4d83dace65e295aa38df2ee3d25b010e860-ol9_aarch64_appstream
ghostscript-tools-dvipdf-9.54.0-17.el9_4.aarch64.rpma7cd6af6f037f5ff7aae170d1540c23ab1c88729c2bbab644bea77c7d80d9d05-ol9_aarch64_appstream
ghostscript-tools-fonts-9.54.0-17.el9_4.aarch64.rpmcf22ca1c872a4d6238b5d13a1d16a95675e7abb8d9d9ca3c864a6c5d83b68f9b-ol9_aarch64_appstream
ghostscript-tools-printing-9.54.0-17.el9_4.aarch64.rpm358fe5d5c4a7c0cd3480920035aa8e6c34c0b74a4e4210d5d38b76abb8d5c6f6-ol9_aarch64_appstream
ghostscript-x11-9.54.0-17.el9_4.aarch64.rpm05229a570628335d3465e4ab7871763ea50c2d46b3657f7cd10e28a1edc36e34-ol9_aarch64_appstream
libgs-9.54.0-17.el9_4.aarch64.rpm8ae2b5229ee5a40981328c4fa5f5700931d39af07ca6348b3f35e5f591f9fcee-ol9_aarch64_appstream
libgs-devel-9.54.0-17.el9_4.aarch64.rpm39264651c82b9395eed2b2dae8ed61379c4ffa12d045a60e9e7a2ea75667770c-ol9_aarch64_codeready_builder
Oracle Linux 9 (x86_64) ghostscript-9.54.0-17.el9_4.src.rpmc43244b938488d6af518e6689b8843059190a451ed9b0aa0cbaafe88628f0e13-ol9_x86_64_appstream
ghostscript-9.54.0-17.el9_4.src.rpmc43244b938488d6af518e6689b8843059190a451ed9b0aa0cbaafe88628f0e13-ol9_x86_64_codeready_builder
ghostscript-9.54.0-17.el9_4.i686.rpmc7ac1a631c7ee320dcf39b03bc66bb5965b56eaf3e2dee0066f57dceaf643bec-ol9_x86_64_codeready_builder
ghostscript-9.54.0-17.el9_4.x86_64.rpmebfbe21d49091bcba6ef90e0ee34a6308e6f5b6381aa9b9d747bc0c04e812ece-ol9_x86_64_appstream
ghostscript-doc-9.54.0-17.el9_4.noarch.rpm7af49c63f6b6e925a801fc210cc6a4d83dace65e295aa38df2ee3d25b010e860-ol9_x86_64_appstream
ghostscript-tools-dvipdf-9.54.0-17.el9_4.x86_64.rpmff0cbb334e37e7ed1a966b8c43b32099fea7c83785fd336e0fab0b6b0afccb58-ol9_x86_64_appstream
ghostscript-tools-fonts-9.54.0-17.el9_4.i686.rpm4e6b884bde74013ad063b4fa36fe9c5ccc77299df876fa9a637b063d32dbaa59-ol9_x86_64_codeready_builder
ghostscript-tools-fonts-9.54.0-17.el9_4.x86_64.rpm20a5da3041c80e62f7fc9c8d79fb0d2934c5ab87f579dac77664a8cb4897df9a-ol9_x86_64_appstream
ghostscript-tools-printing-9.54.0-17.el9_4.i686.rpme3e168304d77f1cec26facf3f6dd9ac093cca79435660394ec4118fe670e0ec5-ol9_x86_64_codeready_builder
ghostscript-tools-printing-9.54.0-17.el9_4.x86_64.rpm00e97e651cc3cecc28900f3ef15c8ff8eefc369ff93c839cc81c62c26e292f09-ol9_x86_64_appstream
ghostscript-x11-9.54.0-17.el9_4.x86_64.rpmcf93f66372f78df90ad22fb3caa04dcdf021219f83b18d05b5e85c126ec7d281-ol9_x86_64_appstream
libgs-9.54.0-17.el9_4.i686.rpmff11b720c6f9bd8a3d15ecb022484e665466260258fe59e5a643d27fd80935ac-ol9_x86_64_appstream
libgs-9.54.0-17.el9_4.x86_64.rpm3a40cc2470be3dfe52b9be57fd7a2257ab84a2ec90698f0b9b2c31047216a2b9-ol9_x86_64_appstream
libgs-devel-9.54.0-17.el9_4.i686.rpm6c870b730e61e88bd5f0e758d4030fa75e88003507727eb9e4e71041b07e1c5a-ol9_x86_64_codeready_builder
libgs-devel-9.54.0-17.el9_4.x86_64.rpmdb9cc50a00bf3471dd77aa721b6774cfdb2158388aa2b407cbc5ab4cc0013114-ol9_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete