Important: ghostscript

Issue Overview:

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. (CVE-2023-28879)

Affected Packages:

ghostscript

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update ghostscript to update your system.

New Packages:

aarch64:  
    ghostscript-9.25-5.amzn2.0.3.aarch64  
    libgs-9.25-5.amzn2.0.3.aarch64  
    libgs-devel-9.25-5.amzn2.0.3.aarch64  
    ghostscript-gtk-9.25-5.amzn2.0.3.aarch64  
    ghostscript-cups-9.25-5.amzn2.0.3.aarch64  
    ghostscript-debuginfo-9.25-5.amzn2.0.3.aarch64  
  
i686:  
    ghostscript-9.25-5.amzn2.0.3.i686  
    libgs-9.25-5.amzn2.0.3.i686  
    libgs-devel-9.25-5.amzn2.0.3.i686  
    ghostscript-gtk-9.25-5.amzn2.0.3.i686  
    ghostscript-cups-9.25-5.amzn2.0.3.i686  
    ghostscript-debuginfo-9.25-5.amzn2.0.3.i686  
  
noarch:  
    ghostscript-doc-9.25-5.amzn2.0.3.noarch  
  
src:  
    ghostscript-9.25-5.amzn2.0.3.src  
  
x86_64:  
    ghostscript-9.25-5.amzn2.0.3.x86_64  
    libgs-9.25-5.amzn2.0.3.x86_64  
    libgs-devel-9.25-5.amzn2.0.3.x86_64  
    ghostscript-gtk-9.25-5.amzn2.0.3.x86_64  
    ghostscript-cups-9.25-5.amzn2.0.3.x86_64  
    ghostscript-debuginfo-9.25-5.amzn2.0.3.x86_64  

Additional References

Red Hat: CVE-2023-28879

Mitre: CVE-2023-28879