Lucene search
AmazonALAS-2024-2544HistoryMay 09, 2024 - 7:16 p.m.
Important: ghostscript
2024-05-0919:16:00
alas.aws.amazon.com
9
ghostscript
permission validation
update
amazon linux 2 core
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
23.1%
Issue Overview:
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664)
Affected Packages:
ghostscript
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ghostscript to update your system.
New Packages:
aarch64:
ghostscript-9.54.0-9.amzn2.0.1.aarch64
libgs-9.54.0-9.amzn2.0.1.aarch64
libgs-devel-9.54.0-9.amzn2.0.1.aarch64
ghostscript-gtk-9.54.0-9.amzn2.0.1.aarch64
ghostscript-cups-9.54.0-9.amzn2.0.1.aarch64
ghostscript-debuginfo-9.54.0-9.amzn2.0.1.aarch64
i686:
ghostscript-9.54.0-9.amzn2.0.1.i686
libgs-9.54.0-9.amzn2.0.1.i686
libgs-devel-9.54.0-9.amzn2.0.1.i686
ghostscript-gtk-9.54.0-9.amzn2.0.1.i686
ghostscript-cups-9.54.0-9.amzn2.0.1.i686
ghostscript-debuginfo-9.54.0-9.amzn2.0.1.i686
noarch:
ghostscript-doc-9.54.0-9.amzn2.0.1.noarch
src:
ghostscript-9.54.0-9.amzn2.0.1.src
x86_64:
ghostscript-9.54.0-9.amzn2.0.1.x86_64
libgs-9.54.0-9.amzn2.0.1.x86_64
libgs-devel-9.54.0-9.amzn2.0.1.x86_64
ghostscript-gtk-9.54.0-9.amzn2.0.1.x86_64
ghostscript-cups-9.54.0-9.amzn2.0.1.x86_64
ghostscript-debuginfo-9.54.0-9.amzn2.0.1.x86_64
Additional References
Red Hat: CVE-2023-36664
Mitre: CVE-2023-36664
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | ghostscript | < 9.54.0-9.amzn2.0.1 | ghostscript-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libgs | < 9.54.0-9.amzn2.0.1 | libgs-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libgs-devel | < 9.54.0-9.amzn2.0.1 | libgs-devel-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | ghostscript-gtk | < 9.54.0-9.amzn2.0.1 | ghostscript-gtk-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | ghostscript-cups | < 9.54.0-9.amzn2.0.1 | ghostscript-cups-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | ghostscript-debuginfo | < 9.54.0-9.amzn2.0.1 | ghostscript-debuginfo-9.54.0-9.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | i686 | ghostscript | < 9.54.0-9.amzn2.0.1 | ghostscript-9.54.0-9.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | i686 | libgs | < 9.54.0-9.amzn2.0.1 | libgs-9.54.0-9.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | i686 | libgs-devel | < 9.54.0-9.amzn2.0.1 | libgs-devel-9.54.0-9.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | i686 | ghostscript-gtk | < 9.54.0-9.amzn2.0.1 | ghostscript-gtk-9.54.0-9.amzn2.0.1.i686.rpm |
Related
nessus
nessus
Debian DSA-5446-1 : ghostscript - security update
2023-07-04 00:00:00
Rocky Linux 9 : ghostscript (RLSA-2023:5459)
2023-10-06 00:00:00
Artifex Ghostscript < 10.01.2 Security Bypass
2023-06-30 00:00:00
osv
osv
Important: ghostscript security update
2023-10-06 22:58:14
CVE-2023-36664
2023-06-25 22:15:21
ghostscript vulnerability
2023-07-10 13:06:27
oraclelinux
oraclelinux
ghostscript security update
2023-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: ghostscript-10.01.2-1.fc38
2023-07-16 01:27:12
[SECURITY] Fedora 37 Update: ghostscript-9.56.1-8.fc37
2023-07-23 01:24:49
slackware
slackware
[slackware-security] ghostscript
2024-03-07 20:46:46
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2844-1)
2023-07-17 00:00:00
Debian: Security Advisory (DSA-5446-1)
2023-07-04 00:00:00
Fedora: Security Advisory for ghostscript (FEDORA-2023-83c805b441)
2023-07-26 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-36664
2024-04-09 22:05:29
Exploit for CVE-2023-36664
2023-08-12 18:33:57
Exploit for CVE-2023-36664
2023-12-02 10:28:10
cvelist
cvelist
CVE-2023-36664
2023-06-25 00:00:00
nvd
nvd
CVE-2023-36664
2023-06-25 22:15:21
prion
prion
Design/Logic Flaw
2023-06-25 22:15:00
debian
debian
[SECURITY] [DSA 5446-1] ghostscript security update
2023-07-03 20:10:41
cve
cve
CVE-2023-36664
2023-06-25 22:15:21
ubuntu
ubuntu
Ghostscript vulnerability
2023-07-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-36664
2023-06-25 00:00:00
veracode
veracode
Improper Input Validation
2023-07-19 23:22:53
almalinux
almalinux
Important: ghostscript security update
2023-10-05 00:00:00
rocky
rocky
ghostscript security update
2023-10-06 22:58:14
rosalinux
rosalinux
Advisory ROSA-SA-2023-2318
2023-12-26 12:01:06
redhatcve
redhatcve
CVE-2023-36664
2023-06-27 06:47:22
redhat
redhat
(RHSA-2023:4324) Important: ghostscript security update
2023-07-31 08:17:10
(RHSA-2023:5459) Important: ghostscript security update
2023-10-05 10:11:33
redos
redos
ROS-20230911-05
2023-09-11 00:00:00
debiancve
debiancve
CVE-2023-36664
2023-06-25 22:15:21
alpinelinux
alpinelinux
CVE-2023-36664
2023-06-25 22:15:21
mageia
mageia
Updated ghostscript packages fix security vulnerability
2023-09-11 16:07:54
gentoo
gentoo
GPL Ghostscript: Multiple Vulnerabilities
2023-09-17 00:00:00
thn
thn
hp
hp
HP ThinPro 8.0 SP 7 Security Updates
2024-01-26 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
23.1%
Related for ALAS-2024-2544