diff --git a/ghostscript.spec b/ghostscript.spec index 1b85ad2..2d21c00 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -42,7 +42,7 @@ Name: ghostscript Summary: Interpreter for PostScript language & PDF Version: 9.54.0 -Release: 17%{?dist} +Release: 18%{?dist} License: AGPLv3+ @@ -121,6 +121,8 @@ Patch013: gs-CVE-2024-33870.patch Patch014: gs-CVE-2024-33869.patch # RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass) Patch015: 0001-Uniprint-device-prevent-string-configuration-changes.patch +# RHEL-18397 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable() +Patch016: gs-cve-2023-46751.patch # Downstream patches -- these should be always included when doing rebase: # ------------------ @@ -454,6 +456,9 @@ done # ============================================================================= %changelog +* Tue Apr 15 2025 Zdenek Dohnal - 9.54.0-18 +- RHEL-18397 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable() + * Mon Jul 08 2024 Zdenek Dohnal - 9.54.0-17 - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction diff --git a/gs-cve-2023-46751.patch b/gs-cve-2023-46751.patch new file mode 100644 index 0000000..f1b5369 --- /dev/null +++ b/gs-cve-2023-46751.patch @@ -0,0 +1,12 @@ +diff --git a/base/gdevprn.c b/base/gdevprn.c +index cb3fdf4..cd4ea2b 100644 +--- a/base/gdevprn.c ++++ b/base/gdevprn.c +@@ -1255,6 +1255,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode, + && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { + + code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); ++ ppdev->file = NULL; + if (code < 0) + return code; + }