AlmaLinux 2324 Published by

A ghostscript security, bug fix, and enhancement update has been released for AlmaLinux.



ALSA-2021:1852 Moderate: ghostscript security, bug fix, and enhancement update


Type:
security

Severity:
moderate

Release date:
2021-05-18

Description
The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)
Security Fix(es):
* ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
* ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)
* ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)
* ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
* ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)
* ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)
* ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)
* ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)
* ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)
* ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)
* ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)
* ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)
* ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)
* ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)
* ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)
* ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)
* ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)
* ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)
* ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)
* ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)
* ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)
* ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)
* ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)
* ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
CVE-2020-14373
CVE-2020-16287
CVE-2020-16288
CVE-2020-16289
CVE-2020-16290
CVE-2020-16291
CVE-2020-16292
CVE-2020-16293
CVE-2020-16294
CVE-2020-16295
CVE-2020-16296
CVE-2020-16297
CVE-2020-16298
CVE-2020-16299
CVE-2020-16300
CVE-2020-16301
CVE-2020-16302
CVE-2020-16303
CVE-2020-16304
CVE-2020-16305
CVE-2020-16306
CVE-2020-16307
CVE-2020-16308
CVE-2020-16309
CVE-2020-16310
CVE-2020-17538

Updates packages:
ghostscript-9.27-1.el8.x86_64.rpm
ghostscript-doc-9.27-1.el8.noarch.rpm
ghostscript-tools-dvipdf-9.27-1.el8.x86_64.rpm
ghostscript-tools-fonts-9.27-1.el8.x86_64.rpm
ghostscript-tools-printing-9.27-1.el8.x86_64.rpm
ghostscript-x11-9.27-1.el8.x86_64.rpm
libgs-9.27-1.el8.i686.rpm
libgs-9.27-1.el8.x86_64.rpm
libgs-devel-9.27-1.el8.i686.rpm
libgs-devel-9.27-1.el8.x86_64.rpm

Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2021:1852 Moderate: ghostscript security, bug fix, and enhancement update