1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202211-11 ] GPL Ghostscript: Multiple Vulnerab

    From glsamaker@gentoo.org@21:1/5 to All on Tue Nov 22 05:10:01 2022
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202211-11
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: GPL Ghostscript: Multiple Vulnerabilities
    Date: November 22, 2022
    Bugs: #852944, #812509
    ID: 202211-11

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been found in GPL Ghostscript, the worst
    of which could result in arbitrary code execution.

    Background
    ==========

    Ghostscript is an interpreter for the PostScript language and for PDF.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 app-text/ghostscript-gpl < 9.56.1 >= 9.56.1

    Description
    ===========

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All GPL Ghostscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.56.1"

    References
    ==========

    [ 1 ] CVE-2021-3781
    https://nvd.nist.gov/vuln/detail/CVE-2021-3781
    [ 2 ] CVE-2022-2085
    https://nvd.nist.gov/vuln/detail/CVE-2022-2085

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202211-11

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2022 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmN8R9kACgkQFMQkOaVy +9lEXxAAgW3zl5Cc8XAbqACk7NDH6TIqInoJ4WcT8Mv4PGEBgLvDktRYqQyvaQPu WJYaPhmOlLe+yxK/blSgiP6nKUF59Fknkj/6GhVztfUDQSMh6WIFP7MnvTHy8evZ Enxf89nE3klqjS+iopDcx7lsOJRfMNecDRVODA2zrFXyZKLUdbqWJ8UXWcnZr+T0 aZ6vsFf8oZKBzAndufsBAh2+BROX/f7WPEXFyH4P2bqzbpO9/vtYA6nAoCSMDUA5 RRtGFaAEQ5x+GL4q3G/jy6VUNaIOdHOqM8KG+lKxYT7zKCk/xCQlbZxOXlLpFSRq kN5Fl83D8mhVTWOPS1PfJTHc6W8eSLXzM5knJzyeUsfp3J0TelyoaL3PFGv9vUtT RkoiGwbdt7tDepILZVn56NQ42g2zebgTU99ATe+zXK9Ur1Rw+IvOXLBOJofFZf++ RVllsFY1FUpTWffYkx65semVMP1UJXDwvUiVZw/AZ+eyq/Z83dA4QjVTYuWlrJxc spkWN9ou6G2JatDFpvCFCinHKdN2/B4hZL4vsXHPG8C+LMCetNNchaqL2NPsiMff M/63RIsbvvOShboHupM1gN/jePWOhzm1JuMba7AwyGepDVXSbitvcO/mHH6L+moh VjAP0c2C4SukqmUydY8CFIpCEfNrrBd0CQlw21+JqhDtczqwAgg=
    =V9xw
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)