Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202008-20 ] GPL Ghostscript: Multiple vulnerabilities
Date: Sat, 29 Aug 2020 22:15:11
Message-Id: 99E175F3-C3A9-4EC4-ADF5-9C0626B3010E@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202008-20
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: GPL Ghostscript: Multiple vulnerabilities
9 Date: August 29, 2020
10 Bugs: #734322
11 ID: 202008-20
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in GPL Ghostscript, the worst
19 of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Ghostscript is an interpreter for the PostScript language and for PDF.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 app-text/ghostscript-gpl
33 < 9.52 >= 9.52
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in GPL Ghostscript.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 Please review the referenced CVE identifiers for details.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All GPL Ghostscript users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.52"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2020-15900
63 https://nvd.nist.gov/vuln/detail/CVE-2020-15900
64 [ 2 ] CVE-2020-16287
65 https://nvd.nist.gov/vuln/detail/CVE-2020-16287
66 [ 3 ] CVE-2020-16288
67 https://nvd.nist.gov/vuln/detail/CVE-2020-16288
68 [ 4 ] CVE-2020-16289
69 https://nvd.nist.gov/vuln/detail/CVE-2020-16289
70 [ 5 ] CVE-2020-16290
71 https://nvd.nist.gov/vuln/detail/CVE-2020-16290
72 [ 6 ] CVE-2020-16291
73 https://nvd.nist.gov/vuln/detail/CVE-2020-16291
74 [ 7 ] CVE-2020-16292
75 https://nvd.nist.gov/vuln/detail/CVE-2020-16292
76 [ 8 ] CVE-2020-16293
77 https://nvd.nist.gov/vuln/detail/CVE-2020-16293
78 [ 9 ] CVE-2020-16294
79 https://nvd.nist.gov/vuln/detail/CVE-2020-16294
80 [ 10 ] CVE-2020-16295
81 https://nvd.nist.gov/vuln/detail/CVE-2020-16295
82 [ 11 ] CVE-2020-16296
83 https://nvd.nist.gov/vuln/detail/CVE-2020-16296
84 [ 12 ] CVE-2020-16297
85 https://nvd.nist.gov/vuln/detail/CVE-2020-16297
86 [ 13 ] CVE-2020-16298
87 https://nvd.nist.gov/vuln/detail/CVE-2020-16298
88 [ 14 ] CVE-2020-16299
89 https://nvd.nist.gov/vuln/detail/CVE-2020-16299
90 [ 15 ] CVE-2020-16300
91 https://nvd.nist.gov/vuln/detail/CVE-2020-16300
92 [ 16 ] CVE-2020-16301
93 https://nvd.nist.gov/vuln/detail/CVE-2020-16301
94 [ 17 ] CVE-2020-16302
95 https://nvd.nist.gov/vuln/detail/CVE-2020-16302
96 [ 18 ] CVE-2020-16303
97 https://nvd.nist.gov/vuln/detail/CVE-2020-16303
98 [ 19 ] CVE-2020-16304
99 https://nvd.nist.gov/vuln/detail/CVE-2020-16304
100 [ 20 ] CVE-2020-16305
101 https://nvd.nist.gov/vuln/detail/CVE-2020-16305
102 [ 21 ] CVE-2020-16306
103 https://nvd.nist.gov/vuln/detail/CVE-2020-16306
104 [ 22 ] CVE-2020-16307
105 https://nvd.nist.gov/vuln/detail/CVE-2020-16307
106 [ 23 ] CVE-2020-16308
107 https://nvd.nist.gov/vuln/detail/CVE-2020-16308
108 [ 24 ] CVE-2020-16309
109 https://nvd.nist.gov/vuln/detail/CVE-2020-16309
110 [ 25 ] CVE-2020-16310
111 https://nvd.nist.gov/vuln/detail/CVE-2020-16310
112 [ 26 ] CVE-2020-17538
113 https://nvd.nist.gov/vuln/detail/CVE-2020-17538
114
115 Availability
116 ============
117
118 This GLSA and any updates to it are available for viewing at
119 the Gentoo Security Website:
120
121 https://security.gentoo.org/glsa/202008-20
122
123 Concerns?
124 =========
125
126 Security is a primary focus of Gentoo Linux and ensuring the
127 confidentiality and security of our users' machines is of utmost
128 importance to us. Any security concerns should be addressed to
129 security@g.o or alternatively, you may file a bug at
130 https://bugs.gentoo.org.
131
132 License
133 =======
134
135 Copyright 2020 Gentoo Foundation, Inc; referenced text
136 belongs to its owner(s).
137
138 The contents of this document are licensed under the
139 Creative Commons - Attribution / Share Alike license.
140
141 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature