Amazon Linux AMI update for ghostscript

Published: 2024-08-06

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-33871
CWE-ID	CWE-427
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Amazon Linux AMI Operating systems & Components / Operating system ghostscript Operating systems & Components / Operating system package or component
Vendor	Amazon Web Services

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Insecure DLL loading

EUVDB-ID: #VU92102

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33871

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. A remote attacker can pass a specially crafted document to the application and execute arbitrary library on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Update the affected packages:

aarch64:
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.7.aarch64
    libgs-devel-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-x11-9.56.1-7.amzn2023.0.7.aarch64
    libgs-debuginfo-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-gtk-9.56.1-7.amzn2023.0.7.aarch64
    libgs-9.56.1-7.amzn2023.0.7.aarch64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.7.aarch64

noarch:
    ghostscript-doc-9.56.1-7.amzn2023.0.7.noarch

src:
    ghostscript-9.56.1-7.amzn2023.0.7.src

x86_64:
    ghostscript-gtk-9.56.1-7.amzn2023.0.7.x86_64
    libgs-9.56.1-7.amzn2023.0.7.x86_64
    libgs-devel-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-x11-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.7.x86_64
    libgs-debuginfo-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.7.x86_64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.7.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

ghostscript: before 9.56.1-7

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-637.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.