ghostscript-9.56.1-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12853 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ghostscript-9.56.1-2.1 on GA media These are all security issues fixed in the ghostscript-9.56.1-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12853 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12853 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-28879/ SUSE CVE CVE-2023-28879 page openSUSE Tumbleweed ghostscript-9.56.1-2.1 ghostscript-devel-9.56.1-2.1 ghostscript-x11-9.56.1-2.1 ghostscript-9.56.1-2.1 as a component of openSUSE Tumbleweed ghostscript-devel-9.56.1-2.1 as a component of openSUSE Tumbleweed ghostscript-x11-9.56.1-2.1 as a component of openSUSE Tumbleweed In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. CVE-2023-28879 openSUSE Tumbleweed:ghostscript-9.56.1-2.1 openSUSE Tumbleweed:ghostscript-devel-9.56.1-2.1 openSUSE Tumbleweed:ghostscript-x11-9.56.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-28879.html CVE-2023-28879 https://bugzilla.suse.com/1210062 SUSE Bug 1210062 https://bugzilla.suse.com/1210900 SUSE Bug 1210900 https://bugzilla.suse.com/1211514 SUSE Bug 1211514 https://bugzilla.suse.com/1213844 SUSE Bug 1213844