5656 – (CVE-2023-36664) CVE-2023-36664: A vulnerability was found in Ghostscript

Bug 5656 (CVE-2023-36664) - CVE-2023-36664: A vulnerability was found in Ghostscript

Summary: CVE-2023-36664: A vulnerability was found in Ghostscript

Status:	RESOLVED FIXED

Alias:	CVE-2023-36664

Product:	Anolis OS 23
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	23.0
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	扣肉
QA Contact:	bolong_tbl

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-28 11:29 UTC by 扣肉
Modified:	2023-07-09 11:14 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 扣肉 2023-06-28 11:29:47 UTC

https://access.redhat.com/security/cve/cve-2023-36664
https://bugzilla.redhat.com/show_bug.cgi?id=2217798
https://git.ghostscript.com/?p=ghostpdl.git

A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Comment 1 扣肉 2023-07-05 13:01:04 UTC

https://gitee.com/src-anolis-os/ghostscript/pulls/14

已经等待merge

Comment 2 扣肉 2023-07-09 11:14:14 UTC

包已到达仓库