Synopsis: Important: ghostscript security update
Advisory ID: SLSA-2018:3760-1
Issue Date: 2018-12-04
CVE Numbers: CVE-2018-16509
—
Security Fix(es):
* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
– -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document. (CVE-2018-16509)
—
SL6
x86_64
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-8.70-24.el6_10.2.x86_64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm
i386
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-doc-8.70-24.el6_10.2.i686.rpm
ghostscript-gtk-8.70-24.el6_10.2.i686.rpm
– Scientific Linux Development Team
