ALAS-2025-1978

Amazon Linux 1 (EOL) Security Advisory: ALAS-2025-1978
Advisory Released Date: 2025-05-12
Advisory Updated Date: 2025-05-12
Severity: Important
Issue Overview:

PS interpreter - check the type of the Pattern Implementation

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee (ghostpdl-10.04.0) (CVE-2024-46951)

Check for overflow validating format string

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0) (CVE-2024-46953)

PostScript interpreter - fix buffer length check

NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0) (CVE-2024-46956)


Affected Packages:

ghostscript


Issue Correction:
Run yum update ghostscript to update your system.

New Packages:
i686:
    ghostscript-debuginfo-8.70-24.35.amzn1.i686
    ghostscript-devel-8.70-24.35.amzn1.i686
    ghostscript-doc-8.70-24.35.amzn1.i686
    ghostscript-8.70-24.35.amzn1.i686

src:
    ghostscript-8.70-24.35.amzn1.src

x86_64:
    ghostscript-devel-8.70-24.35.amzn1.x86_64
    ghostscript-doc-8.70-24.35.amzn1.x86_64
    ghostscript-debuginfo-8.70-24.35.amzn1.x86_64
    ghostscript-8.70-24.35.amzn1.x86_64

Additional References

Red Hat: CVE-2024-46951, CVE-2024-46953, CVE-2024-46956

Mitre: CVE-2024-46951, CVE-2024-46953, CVE-2024-46956