Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2018:2918-1
Issue Date: 2018-10-16
CVE Numbers: CVE-2018-10194
CVE-2018-16509
CVE-2018-15910
CVE-2018-16542
—
Security Fix(es):
* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
– -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document. (CVE-2018-16509)
* ghostscript: LockDistillerParams type confusion (699656)
(CVE-2018-15910)
* ghostscript: .definemodifiedfont memory corruption if /typecheck is
handled (699668) (CVE-2018-16542)
* ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix
function in gdevpdts.c (CVE-2018-10194)
—
SL7
x86_64
ghostscript-9.07-29.el7_5.2.i686.rpm
ghostscript-9.07-29.el7_5.2.x86_64.rpm
ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm
ghostscript-debuginfo-9.07-29.el7_5.2.i686.rpm
ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm
ghostscript-devel-9.07-29.el7_5.2.i686.rpm
ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm
ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm
ghostscript-9.07-29.el7_5.2.src.rpm
noarch
ghostscript-doc-9.07-29.el7_5.2.noarch.rpm
– Scientific Linux Development Team
