Oracle Linux: CVE-2024-33870: ELSA-2024-6197: ghostscript security update (MODERATE) (Multiple Advisories)

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
A flaw was found in Ghostscript. When the `gp_validate_path_len` function validates a path, it distinguishes between absolute and relative paths. In the case of relative paths, it will check the path with and without the current-directory-prefix ("foo" and "./foo"). This does not take into account paths with a parent-directory-prefix. Therefore, a path like "../../foo" is also tested as "./../../foo" and if the current directory "./" is in the permitted paths, it will pass the check, which may allow arbitrary file access.