Debian has issued an advisory on July 3: https://www.debian.org/security/2023/dsa-5446 Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
NicolasS has already done the job in Cauldron: Thu Jul 6 by ns80 - add patches from Debian for CVE-2023-36664 (mga#32070) so necessarily assigning this to you.
Assignee: bugsquad => nicolas.salguero
Ubuntu has issued an advisory for this today (July 10): https://ubuntu.com/security/notices/USN-6213-1
Severity: normal => major
Suggested advisory: ======================== The updated packages fix a security vulnerability: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664 https://www.debian.org/security/2023/dsa-5446 https://ubuntu.com/security/notices/USN-6213-1 ======================== Updated packages in 8/core/updates_testing: ======================== ghostscript-9.53.3-2.5.mga8 ghostscript-X-9.53.3-2.5.mga8 ghostscript-common-9.53.3-2.5.mga8 ghostscript-doc-9.53.3-2.5.mga8 ghostscript-dvipdf-9.53.3-2.5.mga8 ghostscript-module-X-9.53.3-2.5.mga8 lib(64)gs-devel-9.53.3-2.5.mga8 lib(64)gs9-9.53.3-2.5.mga8 lib(64)ijs-devel-0.35-162.5.mga8 lib(64)ijs1-0.35-162.5.mga8 from SRPM: ghostscript-9.53.3-2.5.mga8.src.rpm Updated packages in 9/core/updates_testing: ======================== ghostscript-10.00.0-6.1.mga9 ghostscript-X-10.00.0-6.1.mga9 ghostscript-common-10.00.0-6.1.mga9 ghostscript-doc-10.00.0-6.1.mga9 ghostscript-dvipdf-10.00.0-6.1.mga9 ghostscript-module-X-10.00.0-6.1.mga9 lib(64)gs10-10.00.0-6.1.mga9 lib(64)gs-devel-10.00.0-6.1.mga9 lib(64)ijs1-0.35-173.1.mga9 lib(64)ijs-devel-0.35-173.1.mga9 from SRPM: ghostscript-10.00.0-6.1.mga9.src.rpm
CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDVersion: Cauldron => 9Assignee: nicolas.salguero => qa-bugs
CC: (none) => mageia
MGA8-64 Xfce on Acer Aspire 5253 No installation issues. Ref bug 31758 Comment 5, used okular and the gs command to display some device's pdf manual and all worked OK.
CC: (none) => herman.viaeneWhiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
MGA9-64 Plasma, no installation issues. Tested as in comment 4, all looks OK. OKing for MGA9, and validating. Advisory in comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OKKeywords: (none) => validated_update
Depends on: (none) => 32237
Hi, That bug is superseded by bug 32237. Best regards, Nico.
Resolution: (none) => OLDStatus: ASSIGNED => RESOLVED
Marking as duplicate to maintain that link. OLD is for when the bug is only applicable to EOL versions of Mageia. *** This bug has been marked as a duplicate of bug 32237 ***
Resolution: OLD => DUPLICATE