[ALSA-2021:1852] Moderate: ghostscript security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2021-11-12
Description:
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)
Security Fix(es):
* ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
* ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)
* ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)
* ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
* ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)
* ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)
* ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)
* ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)
* ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)
* ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)
* ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)
* ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)
* ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)
* ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)
* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)
* ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)
* ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)
* ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)
* ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)
* ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)
* ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)
* ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)
* ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)
* ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)
* ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 ghostscript-tools-fonts-9.27-1.el8.aarch64.rpm 07d64f00818b777a645de12ce2a09486fcfcf943d95f82b3b9ef99208113e296
aarch64 libgs-devel-9.27-1.el8.aarch64.rpm 084e57d713abc654dc30240b25b28ec2f7b2f67e140670321aa37aca21c6d9f5
aarch64 ghostscript-tools-printing-9.27-1.el8.aarch64.rpm 2b8d6e782d7ffe8fd83583de0e0e2f7fb8dadc3957b13c53c7610229b6b52426
aarch64 libgs-9.27-1.el8.aarch64.rpm 725eb2e02dc7c1421dd57b9eb37342d684f1fbe17d5361e052fb39472aa377d7
aarch64 ghostscript-9.27-1.el8.aarch64.rpm 8ebc8612d3b6bd28e92b739735ed7bd5885e78964f88deaab5837ead8bc81631
aarch64 ghostscript-x11-9.27-1.el8.aarch64.rpm b3f74b6304ac5180f9540172243e2b56555cce5d309ef3a1e7c7da1004051db6
aarch64 ghostscript-tools-dvipdf-9.27-1.el8.aarch64.rpm f478c973943dde44ee3a24cb48e47f76d357b28d1ec37dd4461945c746549102
i686 libgs-devel-9.27-1.el8.i686.rpm 34f5085bee4ab147c758ae2fe1b979f9bb1d976489b5d764ab1fcc487fe0cb8c
i686 libgs-9.27-1.el8.i686.rpm 861f2eb35092b0e411a480ca42777e5d9e9bd2561c9dde6d6fb702972c2cad6e
noarch ghostscript-doc-9.27-1.el8.noarch.rpm f4272facbfb25f9aaf34b083a0f00b542c5dd78760c50f62dd3d46024d35b7f1
ppc64le ghostscript-x11-9.27-1.el8.ppc64le.rpm 01770b6dc73e821e2ca07b360da8b50d1efb3aa9c842d8dd5c47c3b9742a6815
ppc64le ghostscript-9.27-1.el8.ppc64le.rpm 046e211b837514eea699e1a2698389a422d961c0f97cad0c9cf0477c1361fb6b
ppc64le libgs-devel-9.27-1.el8.ppc64le.rpm 0a16d8dbc3b8d3edb70c1cfe5828e496c06ace8a72fdca24e1c2a2f8d2d948cb
ppc64le libgs-9.27-1.el8.ppc64le.rpm 28b3ab0c9d1cbd70b9754429727c5fbf196dd90aba95556ad3f19b54a5555ebc
ppc64le ghostscript-tools-fonts-9.27-1.el8.ppc64le.rpm 40f66ad3b535cb571729cfcc419426ecf103e0cb7bdb87984bed8e93c1989c8e
ppc64le ghostscript-tools-printing-9.27-1.el8.ppc64le.rpm 9be772f3cf97fe0bf6bdb76751912e6c4a4eb28674b5380129daf14c429a36bc
ppc64le ghostscript-tools-dvipdf-9.27-1.el8.ppc64le.rpm eb438c029674ea5122dfb05a14bd2e14ec12e3b8abc10b1487d9166e44488269
x86_64 ghostscript-tools-dvipdf-9.27-1.el8.x86_64.rpm 00d6e1acafca7f7eeeabc3f2b959fa73a74d13fc2a566b3fdb8524518ec766f4
x86_64 ghostscript-x11-9.27-1.el8.x86_64.rpm 759372e60f585217381a811e589747dda6f91ed3c5215e794434263cafbeadb3
x86_64 libgs-devel-9.27-1.el8.x86_64.rpm 802e25447a5d2f929735cffce1d3870475f9b867b4a14d1013d1b6ecd5e5a90d
x86_64 ghostscript-9.27-1.el8.x86_64.rpm 9d1c9cedad80ba4e0aa8d5495074cecadecf02c64ad0edb7270d1f5842836b3b
x86_64 ghostscript-tools-printing-9.27-1.el8.x86_64.rpm a967a540af40b34c792bb03dbbc0228a22344bcf81d42e1a9d82f4611e0dc41f
x86_64 libgs-9.27-1.el8.x86_64.rpm a96f6b9375555d39ce69440a86404f1d696448e03ff4645f34d4a531532eedd8
x86_64 ghostscript-tools-fonts-9.27-1.el8.x86_64.rpm f5cc1797f6d71845d680d1ebf35599c34108307e271bd899467e20d8dc748afd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.