Bugzilla – Bug 1214536
VUL-0: CVE-2023-4042: ghostscript,ghostscript-library: Incomplete fix for CVE-2020-16305
Last modified: 2023-09-05 11:38:07 UTC
CVE-2023-4042

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4042
https://bugzilla.redhat.com/show_bug.cgi?id=1870257
https://bugzilla.redhat.com/show_bug.cgi?id=2228151
https://www.cve.org/CVERecord?id=CVE-2023-4042
https://access.redhat.com/security/cve/CVE-2023-4042

bsc#1175719 was fixed via version update, closing as invalid

Actually closing as invalid according to https://bugzilla.suse.com/show_bug.cgi?id=1214536#c1

Ghostscript version 9.51 contains the fix for CVE-2020-16305 and meanwhile we have Ghostscript 9.52 in SLE12 and SLE15.

FYI: Our Ghostscript 9.52 also has CVE-2023-38559 fixed, which is in base/gdevdevn.c the same issue "ordering in if expression to avoid out-of-bounds access" as the already fixed CVE-2020-16305 in devices/gdevpcx.c, see bug #1213637