From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6A6B31581F0 for ; Thu, 23 Jan 2025 06:24:30 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 5275F34344B for ; Thu, 23 Jan 2025 06:24:30 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 17056110474; Thu, 23 Jan 2025 06:19:00 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id F401011043F for ; Thu, 23 Jan 2025 06:18:38 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (glsamakerdev.dev.gentoo.org [140.211.166.178]) by smtp.gentoo.org (Postfix) with ESMTP id D813D3431DF for ; Thu, 23 Jan 2025 06:18:38 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id BF333C770C for ; Thu, 23 Jan 2025 06:18:38 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202501-06 ] GPL Ghostscript: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============7176969238874511712==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Thu, 23 Jan 2025 06:18:38 -0000 Message-ID: <173761311877.7.3145491804834586612@3f85d36892cf> X-Archives-Salt: 3d5d9399-79da-4f60-8d4b-d5100420eaf3 X-Archives-Hash: 3641cc6d2e8a76cc84eba3070dc16143 --===============7176969238874511712== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202501-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GPL Ghostscript: Multiple Vulnerabilities Date: January 23, 2025 Bugs: #942639 ID: 202501-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could lead to arbitrary code execution. Background ========== Ghostscript is an interpreter for the PostScript language and for PDF. Affected packages ================= Package Vulnerable Unaffected ------------------------ ------------ ------------ app-text/ghostscript-gpl < 10.04.0 >= 10.04.0 Description =========== Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GPL Ghostscript users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.04.0" References ========== [ 1 ] CVE-2024-46951 https://nvd.nist.gov/vuln/detail/CVE-2024-46951 [ 2 ] CVE-2024-46952 https://nvd.nist.gov/vuln/detail/CVE-2024-46952 [ 3 ] CVE-2024-46953 https://nvd.nist.gov/vuln/detail/CVE-2024-46953 [ 4 ] CVE-2024-46954 https://nvd.nist.gov/vuln/detail/CVE-2024-46954 [ 5 ] CVE-2024-46955 https://nvd.nist.gov/vuln/detail/CVE-2024-46955 [ 6 ] CVE-2024-46956 https://nvd.nist.gov/vuln/detail/CVE-2024-46956 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202501-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============7176969238874511712== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmeR3z4ACgkQFMQkOaVy +9lgTxAA1jZp8cJf2Fq7uyC6umbTGleCy9RAMIdNSumwd3kiM/9lQS2uch+Ek9/X g8Qz1bhKcvCCcDJu8SFrTCD2IY4/UNaLmMfdOuNBXJHZqWN2ibDgq0NDB5mV/qfp aO4qptphnv4mtEHZ+V7R+frDFX1RJsIPTi1G0cP2TLQz3EhC1s5qIng7Z3WAUf5a H7MM2Sjy9+Zh6xuyzOu65mGnr4xdHVgLXnYhUA8WFRJIvdqJBC132/1+FVC2B/Da S95EaW7pUEBi4wpvoVIFEdUvz6BJ33ORILEvXePeV+7ezHztjzLq1o/+BGGkqwl9 e4ndCIdmpEVM8SXYcDISI764Mammlp4MgPfAoCYqIC//DqCeuvotzm/BX8/Ed2u3 qZV1lZlFAz4adNQJIBJ/2LSYQcCliklP7aQuasM4OyubMWSIo5Lq9hnLPI4J1iDP det150xPpi1Ua/JgfQ+MF2a1DoOaLbm/Fgcc0xn6fSND5wOhEvIL50ij5OiQ6Mlm XGR2v1ldP2Zo0bxt8B1Rt+rFLunAy+yCoL0T1BaKifbcJorhzyTWiiuV2+CDDoGP Vq4rkKOIdqnTbNXdFGQwQSMm5sy6pR6he2BJwwnQE7P6QNYMJL95kpJBETU986HM t40AuwjpXquAYuI4bl75qqAa/6Ef+jQ3iOUsbGhaS/Wfef9wBS4= =HB9X -----END PGP SIGNATURE----- --===============7176969238874511712==--