Bug 34307 - ghostscript new security issue CVE-2025-48708
Summary: ghostscript new security issue CVE-2025-48708
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-05-26 08:38 CEST by Nicolas Salguero
Modified: 2025-05-28 21:46 CEST

See Also:
Source RPM: ghostscript-10.05.0-1.mga9.src.rpm
CVE: CVE-2025-48708
Status comment:


Description Nicolas Salguero 2025-05-26 08:38:53 CEST
CVE-2025-48708 was announced here:
https://www.openwall.com/lists/oss-security/2025/05/23/2
Nicolas Salguero 2025-05-26 08:39:32 CEST

Source RPM: (none) => ghostscript-10.05.0-1.mga9.src.rpm
CVE: (none) => CVE-2025-48708

Comment 1 Nicolas Salguero 2025-05-26 10:29:22 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708)

References:
https://www.openwall.com/lists/oss-security/2025/05/23/2
========================

Updated packages in core/updates_testing:
========================
ghostscript-10.05.1-1.mga9
ghostscript-X-10.05.1-1.mga9
ghostscript-common-10.05.1-1.mga9
ghostscript-doc-10.05.1-1.mga9
ghostscript-dvipdf-10.05.1-1.mga9
ghostscript-module-X-10.05.1-1.mga9
lib(64)gs-devel-10.05.1-1.mga9
lib(64)gs10-10.05.1-1.mga9
lib(64)ijs-devel-0.35-185.mga9
lib(64)ijs1-0.35-185.mga9

from SRPM:
ghostscript-10.05.1-1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
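
The advisory text above hinges on a detail that also shows up in the gs -h output further down this page: Ghostscript accepts "#" in place of "=" in its switches. A sanitizer that only recognises the "=" form redacts -sOwnerPassword=secret but passes -sOwnerPassword#secret through untouched, and that unsanitized argument is what ended up in the written PDF. The Python below is an added illustration of that logic and is not Ghostscript's code (gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c is C and is not reproduced here); the set of redacted switch names (OwnerPassword, UserPassword and PDFPassword are real gs switches, but which ones the real function strips is not stated on this page), the "***" placeholder and the sample command line are assumptions made for the example.

```python
# Added example for CVE-2025-48708: argument sanitization that must treat '#' like '='.
# Illustrative reimplementation only, not Ghostscript's gs_lib_ctx_stash_sanitized_arg.

# Assumed list of switches whose values must never be recorded: -sOwnerPassword and
# -sUserPassword set pdfwrite encryption, -sPDFPassword opens encrypted input.
SENSITIVE_KEYS = ("OwnerPassword", "UserPassword", "PDFPassword")
REDACTED = "***"  # assumed placeholder


def _split_arg(arg, separators):
    """Split '-sKey<sep>Value' into (prefix, key, sep, value), or None if no separator.

    The earliest separator wins, so a password that itself contains '#' or '='
    (e.g. -sOwnerPassword=a#b) is still split at the real key/value boundary.
    """
    if not arg.startswith(("-s", "-d")):
        return None
    body = arg[2:]
    best = None
    for sep in separators:
        i = body.find(sep)
        if i != -1 and (best is None or i < best[0]):
            best = (i, sep)
    if best is None:
        return None
    i, sep = best
    return arg[:2], body[:i], sep, body[i + 1:]


def sanitize_arg_vulnerable(arg):
    """Behaviour before 10.05.1: only the '=' form is recognised, so the '#' form leaks."""
    parts = _split_arg(arg, ("=",))
    if parts and parts[1] in SENSITIVE_KEYS:
        return parts[0] + parts[1] + parts[2] + REDACTED
    return arg


def sanitize_arg_fixed(arg):
    """Fixed behaviour: '#' is accepted as an alias for '=' (gs -h: 'you can use # in place of =')."""
    parts = _split_arg(arg, ("=", "#"))
    if parts and parts[1] in SENSITIVE_KEYS:
        return parts[0] + parts[1] + parts[2] + REDACTED
    return arg


def stash_args(argv, sanitize):
    """Record the command line the way a document writer might, after sanitization."""
    return [sanitize(a) for a in argv]


def leaked_secrets(stashed, secrets):
    """Return the secrets that still appear verbatim in the recorded argument list."""
    joined = " ".join(stashed)
    return [s for s in secrets if s in joined]


# Constructed sample command line: the same kind of password given in both forms.
SAMPLE_ARGV = [
    "gs", "-q", "-dBATCH", "-dNOPAUSE", "-sDEVICE=pdfwrite",
    "-sOwnerPassword=hunter2",       # '=' form, redacted by both versions
    "-sUserPassword#correcthorse",   # '#' form, leaked by the vulnerable version
    "-sOutputFile=out.pdf", "in.pdf",
]
SAMPLE_SECRETS = ["hunter2", "correcthorse"]

if __name__ == "__main__":
    for name, fn in (("vulnerable", sanitize_arg_vulnerable), ("fixed", sanitize_arg_fixed)):
        stashed = stash_args(SAMPLE_ARGV, fn)
        print(name, stashed, "leaked:", leaked_secrets(stashed, SAMPLE_SECRETS))
```

When validating the updated package, the equivalent check is to write an encrypted PDF using the "#" form, e.g. -sOwnerPassword#secret -sUserPassword#secret with -sDEVICE=pdfwrite, and confirm the password string does not occur in the output file. A grep -a over the raw PDF is only a first pass: anything inside a compressed stream will not match, so a negative result there is not proof on its own.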

Comment 2 Herman Viaene 2025-05-27 16:02:23 CEST
No installation issues.
pdf file displays OK with the same remark on repeating when resizing the window as in previous versions, so not a regression. Ref bug 32619 Comment 4.

$  gs -h
GPL Ghostscript 10.05.1 (2025-04-29)
Copyright (C) 2025 Artifex Software, Inc.  All rights reserved.
Usage: gs [switches] [file1.ps file2.ps ...]
Most frequently used switches: (you can use # in place of =)
 -dNOPAUSE           no pause after page   | -q       `quiet', fewer messages
 -g<width>x<height>  page size in pixels   | -r<res>  pixels/inch resolution
 -sDEVICE=<devname>  select device         | -dBATCH  exit after last file
 -sOutputFile=<file> select output file: - for stdout, |command for pipe,
                                         embed %d or %ld for page #
Input formats: PostScript PostScriptLevel1 PostScriptLevel2 PostScriptLevel3 PDF
Default output device: x11alpha
Available devices:
   alc1900 alc2000 alc4000 alc4100 alc8500 alc8600 alc9100 ap3250 appledmp
And a lot more .....
All OK.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

katnatek 2025-05-28 03:06:58 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2025-05-28 03:23:41 CEST
RH x86_64

installing ghostscript-X-10.05.1-1.mga9.x86_64.rpm ghostscript-10.05.1-1.mga9.x86_64.rpm ghostscript-module-X-10.05.1-1.mga9.x86_64.rpm ghostscript-common-10.05.1-1.mga9.x86_64.rpm lib64gs10-10.05.1-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/5: ghostscript-common    ##################################################################################################
      2/5: lib64gs10             ##################################################################################################
      3/5: ghostscript-X         ##################################################################################################
      4/5: ghostscript           ##################################################################################################
      5/5: ghostscript-module-X  ##################################################################################################
      1/5: removing ghostscript-10.05.0-1.mga9.x86_64
                                 ##################################################################################################
      2/5: removing ghostscript-X-10.05.0-1.mga9.x86_64
                                 ##################################################################################################
      3/5: removing ghostscript-module-X-10.05.0-1.mga9.x86_64
                                 ##################################################################################################
      4/5: removing ghostscript-common-10.05.0-1.mga9.x86_64
                                 ##################################################################################################
      5/5: removing lib64gs10-10.05.0-1.mga9.x86_64
                                 ##################################################################################################

open pdf with gs

I still see the repeated image behavior in bug#32619 comment#4
Test the same pdf with gsx: when resizing the window the content is not resized

LC_ALL=C lilypond TogoHT.ly 
GNU LilyPond 2.24.3 (running Guile 2.2)
Processing `TogoHT.ly'
Parsing...
Interpreting music...[8]
Preprocessing graphical objects...
Finding the ideal number of pages...
Fitting music on 1 page...
Drawing systems...
Converting to `TogoHT.pdf'...
Success: compilation successfully completed

PDF looks good

CC: (none) => andrewsfarm

Comment 4 Thomas Andrews 2025-05-28 13:34:46 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2025-05-28 21:46:28 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0170.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
