diff --git a/ghostscript-9.54.0-CVE-2023-43115.patch b/ghostscript-9.54.0-CVE-2023-43115.patch
new file mode 100644
index 0000000..184cb39
--- /dev/null
+++ b/ghostscript-9.54.0-CVE-2023-43115.patch
@@ -0,0 +1,21 @@
+--- a/devices/gdevijs.c
++++ b/devices/gdevijs.c
+@@ -934,6 +934,9 @@
+ static const char rgb[] = "DeviceRGB";
+ gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+
++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++ return_error(gs_error_invalidaccess);
++
+ code = gx_default_finish_copydevice(dev, from_dev);
+ if(code < 0)
+ return code;
+@@ -1363,7 +1366,7 @@
+ if (code >= 0)
+ code = gsijs_read_string(plist, "IjsServer",
+ ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+- dev->LockSafetyParams, is_open);
++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+
+ if (code >= 0)
+ code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
diff --git a/ghostscript.spec b/ghostscript.spec
index 5e32595..55f161e 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -42,7 +42,7 @@ Name: ghostscript
 Summary: Interpreter for PostScript language & PDF
 Version: 9.54.0
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: AGPLv3+
@@ -112,6 +112,7 @@ Patch007: ghostscript-9.54.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
 Patch008: ghostscript-9.54.0-CVE-2023-28879.patch
 Patch009: ghostscript-9.54.0-CVE-2023-36664.patch
 Patch010: ghostscript-9.54.0-CVE-2023-38559.patch
+Patch011: ghostscript-9.54.0-CVE-2023-43115.patch
 # Downstream patches -- these should be always included when doing rebase:
 # ------------------
@@ -445,6 +446,9 @@ done
 # =============================================================================
 %changelog
+* Fri Oct 27 2023 Richard Lescak - 9.54.0-14
+- fix for CVE-2023-43115
+- Resolves: RHEL-10185
 * Fri Aug 04 2023 Richard Lescak - 9.54.0-13
 - fix for CVE-2023-38559
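Review bot: In the second gdevijs.c hunk of the new patch file (around line 1366), the lock argument for `IjsServer` is replaced by `path_control_active` rather than combined with it. A device with `LockSafetyParams` set while path control is inactive would then, as far as this hunk shows, no longer have the parameter locked. If that configuration is still reachable in 9.54.0, keeping both conditions is the conservative form: `dev->LockSafetyParams || ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);`. The guard added in the first hunk (around line 934) would also benefit from a short why-comment, for example `/* refuse to set up the IJS device once path control (SAFER) is active: IjsServer selects the server program to run */`. Both enclosing functions begin and end outside the hunks, so how `gsijs_read_string` consumes the flag is not visible here and should be confirmed against the full file.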