An update for ghostscript is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1695 Final 1.0 1.0 2023-09-28 Initial 2023-09-28 2023-09-28 openEuler SA Tool V1.0 2023-09-28 ghostscript security update An update for ghostscript is now available for openEuler-20.03-LTS-SP3. Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fix(es): In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).(CVE-2023-43115) An update for ghostscript is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical ghostscript https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1695 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-43115 https://nvd.nist.gov/vuln/detail/CVE-2023-43115 openEuler-20.03-LTS-SP3 ghostscript-tools-dvipdf-9.52-11.oe1.aarch64.rpm ghostscript-devel-9.52-11.oe1.aarch64.rpm ghostscript-9.52-11.oe1.aarch64.rpm ghostscript-debuginfo-9.52-11.oe1.aarch64.rpm ghostscript-debugsource-9.52-11.oe1.aarch64.rpm ghostscript-help-9.52-11.oe1.noarch.rpm ghostscript-9.52-11.oe1.src.rpm ghostscript-debugsource-9.52-11.oe1.x86_64.rpm ghostscript-tools-dvipdf-9.52-11.oe1.x86_64.rpm ghostscript-debuginfo-9.52-11.oe1.x86_64.rpm ghostscript-devel-9.52-11.oe1.x86_64.rpm ghostscript-9.52-11.oe1.x86_64.rpm In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). 2023-09-28 CVE-2023-43115 openEuler-20.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ghostscript security update 2023-09-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1695