diff --git a/SOURCES/ghostscript-9.54.0-CVE-2023-43115.patch b/SOURCES/ghostscript-9.54.0-CVE-2023-43115.patch
new file mode 100644
index 0000000..184cb39
--- /dev/null
+++ b/SOURCES/ghostscript-9.54.0-CVE-2023-43115.patch
@@ -0,0 +1,21 @@
+--- a/devices/gdevijs.c
++++ b/devices/gdevijs.c
+@@ -934,6 +934,9 @@
+ static const char rgb[] = "DeviceRGB";
+ gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+
++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++ return_error(gs_error_invalidaccess);
++
+ code = gx_default_finish_copydevice(dev, from_dev);
+ if(code < 0)
+ return code;
+@@ -1363,7 +1366,7 @@
+ if (code >= 0)
+ code = gsijs_read_string(plist, "IjsServer",
+ ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+- dev->LockSafetyParams, is_open);
++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+
+ if (code >= 0)
+ code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
diff --git a/SPECS/ghostscript.spec b/SPECS/ghostscript.spec
index a8f64d5..9dd8bdc 100644
--- a/SPECS/ghostscript.spec
+++ b/SPECS/ghostscript.spec
@@ -42,7 +42,7 @@
 Name: ghostscript
 Summary: Interpreter for PostScript language & PDF
 Version: 9.54.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: AGPLv3+
@@ -109,6 +109,7 @@ Patch004: ghostscript-9.54.0-Fix-op-stack-management-in-sampled_data_c.patch
 Patch005: ghostscript-9.54.0-Deal-with-different-VM-modes-during-CIDFont-loading.patch
 Patch006: ghostscript-9.54.0-ESC-Page-driver-does-not-set-page-size-correctly.patch
 Patch007: ghostscript-9.54.0-CVE-2023-36664.patch
+Patch008: ghostscript-9.54.0-CVE-2023-43115.patch
 # Downstream patches -- these should be always included when doing rebase:
 # ------------------
@@ -442,6 +443,10 @@ done
 # =============================================================================
 %changelog
+* Thu Oct 12 2023 Richard Lescak - 9.54.0-11
+- fix for CVE-2023-43115
+- Resolves: RHEL-10183
+
 * Mon Jul 03 2023 Richard Lescak - 9.54.0-10
 - fix for CVE-2023-36664
 - Resolves: rhbz#2217809
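Review bot: In the second devices/gdevijs.c hunk (new line 1366) the safety argument passed to `gsijs_read_string` for `IjsServer` is replaced rather than extended, so the lock now depends only on `path_control_active` and no longer on `dev->LockSafetyParams`. If any supported configuration can set LockSafetyParams without activating path control, IjsServer would become changeable there where it was previously locked; keeping both conditions is stricter and costs nothing: `dev->LockSafetyParams || ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);`. Both inner hunks carry no function context and their enclosing functions start and end outside the hunk, so this is inferred from the visible call only. The packaged patch also has no header, so I would add a short comment block at its top naming the upstream commit and bug it backports (`<upstream commit id>`), which lets the next rebase confirm the backport matches upstream.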