Bug 34088 - ghostscript new security issues CVE-2025-2783[0-7]
Summary: ghostscript new security issues CVE-2025-2783[0-7]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-03-12 15:58 CET by Nicolas Salguero
Modified: 2025-03-15 02:41 CET

See Also:
Source RPM: ghostscript-10.04.0-1.mga9.src.rpm
CVE: CVE-2025-27830, CVE-2025-27831, CVE-2025-27832, CVE-2025-27833, CVE-2025-27834, CVE-2025-27835, CVE-2025-27836, CVE-2025-27837
Status comment:



Description Nicolas Salguero 2025-03-12 15:58:08 CET
Upstream has released version 10.05.0 on March 12:
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050
Nicolas Salguero 2025-03-12 15:59:49 CET

Source RPM: (none) => ghostscript-10.04.0-1.mga10.src.rpm, ghostscript-10.04.0-1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 10.05.0
CVE: (none) => CVE-2025-27830, CVE-2025-27831, CVE-2025-27832, CVE-2025-27833, CVE-2025-27834, CVE-2025-27835, CVE-2025-27836, CVE-2025-27837
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2025-03-12 20:26:53 CET
Assigning to you, Nicolas, as you are the visible maintainer of this SRPM, and have already updated Cauldron! Can you do M9 as well?

Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2025-03-13 15:16:32 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities.

References:
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050
========================

Updated packages in core/updates_testing:
========================
ghostscript-10.05.0-1.mga9
ghostscript-X-10.05.0-1.mga9
ghostscript-common-10.05.0-1.mga9
ghostscript-doc-10.05.0-1.mga9
ghostscript-dvipdf-10.05.0-1.mga9
ghostscript-module-X-10.05.0-1.mga9
lib(64)gs10-10.05.0-1.mga9
lib(64)gs-devel-10.05.0-1.mga9
lib(64)ijs1-0.35-184.mga9
lib(64)ijs-devel-0.35-184.mga9

from SRPM:
ghostscript-10.05.0-1.mga9.src.rpm

Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 9
Source RPM: ghostscript-10.04.0-1.mga10.src.rpm, ghostscript-10.04.0-1.mga9.src.rpm => ghostscript-10.04.0-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 10.05.0 => (none)
Status: NEW => ASSIGNED

katnatek 2025-03-13 19:44:58 CET

Keywords: (none) => advisory

Comment 3 katnatek 2025-03-14 02:52:04 CET
RH x86_64

installing ghostscript-common-10.05.0-1.mga9.x86_64.rpm lib64gs10-10.05.0-1.mga9.x86_64.rpm ghostscript-module-X-10.05.0-1.mga9.x86_64.rpm ghostscript-10.05.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: ghostscript-common    ##################################################################################################
      2/4: lib64gs10             ##################################################################################################
      3/4: ghostscript           ##################################################################################################
      4/4: ghostscript-module-X  ##################################################################################################
      1/4: removing ghostscript-10.04.0-1.mga9.x86_64
                                 ##################################################################################################
      2/4: removing ghostscript-module-X-10.04.0-1.mga9.x86_64
                                 ##################################################################################################
      3/4: removing ghostscript-common-10.04.0-1.mga9.x86_64
                                 ##################################################################################################
      4/4: removing lib64gs10-10.04.0-1.mga9.x86_64
                                 ##################################################################################################

LC_ALL=C urpmi ghostscript-X


installing ghostscript-X-10.05.0-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: ghostscript-X         ##################################################################################################


open pdf with gs

I still see the repeated image behavior in bug#32619 comment#4
Test the same pdf with gsx: when resizing the window, the content is not resized

Test that it does not cause issues with lilypond

LC_ALL=C lilypond TogoHT.ly 
GNU LilyPond 2.24.3 (running Guile 2.2)
Processing `TogoHT.ly'
Parsing...
Interpreting music...[8]
Preprocessing graphical objects...
Finding the ideal number of pages...
Fitting music on 1 page...
Drawing systems...
Converting to `TogoHT.pdf'...
Success: compilation successfully completed

TogoHT.pdf looks good

Looks good to me

Comment 4 Herman Viaene 2025-03-14 10:57:24 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
pdf file displays OK with the same remark on repeating when resizing the window as in previous versions, so not a regression.
$ gs -h
GPL Ghostscript 10.05.0 (2025-03-12)
Copyright (C) 2025 Artifex Software, Inc.  All rights reserved.
Usage: gs [switches] [file1.ps file2.ps ...]
Most frequently used switches: (you can use # in place of =)
 -dNOPAUSE           no pause after page   | -q       `quiet', fewer messages
 -g<width>x<height>  page size in pixels   | -r<res>  pixels/inch resolution
 -sDEVICE=<devname>  select device         | -dBATCH  exit after last file
 -sOutputFile=<file> select output file: - for stdout, |command for pipe,
                                         embed %d or %ld for page #
Input formats: PostScript PostScriptLevel1 PostScriptLevel2 PostScriptLevel3 PDF
Default output device: x11alpha
Available devices:
   alc1900 alc2000 alc4000 alc4100 alc8500 alc8600 alc9100 ap3250 appledmp
and a lot more......
All seems OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 5 Thomas Andrews 2025-03-14 20:35:55 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Mageia Robot 2025-03-15 02:41:27 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0098.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

