See https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/ for more details and https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde for a potential fix from upstream. TODO: check if this patch applies and which version of ghostscript it applies to.
9.54.0 it seems https://git.alpinelinux.org/aports/commit/?id=e7bcfafffdc528a8ac2f44662806ea4c199305fb
Sorry about the delay. Ghostscript ports are now back to the pool (ports@) and not maintained by doceng@ anymore.
Ghostscript is at 9.56.1. Can this be closed?
This is concerning news for anyone who relies on Ghostscript for their server. The fact that proof-of-concept code has been published means that the vulnerability is real and can be exploited by malicious actors. It is crucial that server administrators take action to mitigate this risk by ensuring that they are not using vulnerable versions of Ghostscript and applying any available patches as soon as possible. It is also important to monitor for any suspicious activity on servers that use Ghostscript and to have a plan in place for responding to any potential attacks. Cybersecurity threats like this highlight the need for ongoing vigilance and proactive measures to protect against cyber attacks.
(In reply to Michael Osipov from comment #3) Since more than one vuln.xml entry claims every version less than 10.01.0 has more than one vulnerability, I suggest that this bug not be closed prior to 10.01.0 appearing in the ports tree.
print/ghostscript9 has been removed. print/ghostscript10 was updated a long time ago.