Overview

File _patchinfo of Package patchinfo.34519

<patchinfo incident="34519">
  <issue tracker="cve" id="2024-33870"/>
  <issue tracker="cve" id="2024-33869"/>
  <issue tracker="cve" id="2024-29510"/>
  <issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>
  <issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>
  <issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>
  <packager>jsmeix</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ghostscript</summary>
  <description>This update for ghostscript fixes the following issues:

- CVE-2024-29510: Fixed an arbitrary path traversal when running in a
  permitted path (bsc#1226945).
- CVE-2024-33870: Fixed a format string injection that could lead to
  command execution (bsc#1226944).
- CVE-2024-33869: Fixed a path validation bypass that could lead to
  path traversal (bsc#1226946).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places