Security update for ghostscript SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2276-1 Final 1 1 2024-07-02T14:45:42Z current 2024-07-02T14:45:42Z 2024-07-02T14:45:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ghostscript This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path (bsc#1226945). - CVE-2024-33870: Fixed a format string injection that could lead to command execution (bsc#1226944). - CVE-2024-33869: Fixed a path validation bypass that could lead to path traversal (bsc#1226946). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2276,SUSE-SLE-SDK-12-SP5-2024-2276,SUSE-SLE-SERVER-12-SP5-2024-2276 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242276-1/ Link for SUSE-SU-2024:2276-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/018850.html E-Mail link for SUSE-SU-2024:2276-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1226944 SUSE Bug 1226944 https://bugzilla.suse.com/1226945 SUSE Bug 1226945 https://bugzilla.suse.com/1226946 SUSE Bug 1226946 https://www.suse.com/security/cve/CVE-2024-29510/ SUSE CVE CVE-2024-29510 page https://www.suse.com/security/cve/CVE-2024-33869/ SUSE CVE CVE-2024-33869 page https://www.suse.com/security/cve/CVE-2024-33870/ SUSE CVE CVE-2024-33870 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 ghostscript-9.52-23.80.1 ghostscript-devel-9.52-23.80.1 ghostscript-mini-9.52-23.80.1 ghostscript-mini-devel-9.52-23.80.1 ghostscript-x11-9.52-23.80.1 ghostscript-9.52-23.80.1 as a component of SUSE Linux Enterprise Server 12 SP5 ghostscript-devel-9.52-23.80.1 as a component of SUSE Linux Enterprise Server 12 SP5 ghostscript-x11-9.52-23.80.1 as a component of SUSE Linux Enterprise Server 12 SP5 ghostscript-9.52-23.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 ghostscript-devel-9.52-23.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 ghostscript-x11-9.52-23.80.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 ghostscript-devel-9.52-23.80.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. CVE-2024-29510 SUSE Linux Enterprise Server 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Software Development Kit 12 SP5:ghostscript-devel-9.52-23.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242276-1/ https://www.suse.com/security/cve/CVE-2024-29510.html CVE-2024-29510 https://bugzilla.suse.com/1226945 SUSE Bug 1226945 An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. CVE-2024-33869 SUSE Linux Enterprise Server 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Software Development Kit 12 SP5:ghostscript-devel-9.52-23.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242276-1/ https://www.suse.com/security/cve/CVE-2024-33869.html CVE-2024-33869 https://bugzilla.suse.com/1226946 SUSE Bug 1226946 An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. CVE-2024-33870 SUSE Linux Enterprise Server 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-devel-9.52-23.80.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:ghostscript-x11-9.52-23.80.1 SUSE Linux Enterprise Software Development Kit 12 SP5:ghostscript-devel-9.52-23.80.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242276-1/ https://www.suse.com/security/cve/CVE-2024-33870.html CVE-2024-33870 https://bugzilla.suse.com/1226944 SUSE Bug 1226944