ALAS2-2025-2875

Amazon Linux 2 Security Advisory: ALAS2-2025-2875
Advisory Released Date: 2025-06-12
Advisory Updated Date: 2025-06-12

Severity: Medium

References: CVE-2025-48708
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708)

Affected Packages:

ghostscript

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update ghostscript to update your system.

New Packages:

aarch64:
    ghostscript-9.54.0-9.amzn2.0.11.aarch64
    libgs-9.54.0-9.amzn2.0.11.aarch64
    libgs-devel-9.54.0-9.amzn2.0.11.aarch64
    ghostscript-gtk-9.54.0-9.amzn2.0.11.aarch64
    ghostscript-cups-9.54.0-9.amzn2.0.11.aarch64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.11.aarch64

i686:
    ghostscript-9.54.0-9.amzn2.0.11.i686
    libgs-9.54.0-9.amzn2.0.11.i686
    libgs-devel-9.54.0-9.amzn2.0.11.i686
    ghostscript-gtk-9.54.0-9.amzn2.0.11.i686
    ghostscript-cups-9.54.0-9.amzn2.0.11.i686
    ghostscript-debuginfo-9.54.0-9.amzn2.0.11.i686

noarch:
    ghostscript-doc-9.54.0-9.amzn2.0.11.noarch

src:
    ghostscript-9.54.0-9.amzn2.0.11.src

x86_64:
    ghostscript-9.54.0-9.amzn2.0.11.x86_64
    libgs-9.54.0-9.amzn2.0.11.x86_64
    libgs-devel-9.54.0-9.amzn2.0.11.x86_64
    ghostscript-gtk-9.54.0-9.amzn2.0.11.x86_64
    ghostscript-cups-9.54.0-9.amzn2.0.11.x86_64
    ghostscript-debuginfo-9.54.0-9.amzn2.0.11.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-48708

Mitre: CVE-2025-48708