Synopsis: Important: ghostscript security and bug fix update
Advisory ID: SLSA-2019:0229-1
Issue Date: 2019-01-31
CVE Numbers: CVE-2018-16540
CVE-2018-19475
CVE-2018-19476
CVE-2018-19477
CVE-2019-6116
—
Security Fix(es):
* ghostscript: use-after-free in copydevice handling (699661)
(CVE-2018-16540)
* ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475)
* ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)
* ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477)
* ghostscript: subroutines within pseudo-operators must themselves be
pseudo-operators (700317) (CVE-2019-6116)
Bug Fix(es):
* Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during
the standard input reading, causing a “/invalidfileaccess in –run–”
error. With this update, the regression has been fixed and the described
error no longer occurs.
—
SL7
x86_64
ghostscript-9.07-31.el7_6.9.i686.rpm
ghostscript-9.07-31.el7_6.9.x86_64.rpm
ghostscript-cups-9.07-31.el7_6.9.x86_64.rpm
ghostscript-debuginfo-9.07-31.el7_6.9.i686.rpm
ghostscript-debuginfo-9.07-31.el7_6.9.x86_64.rpm
ghostscript-devel-9.07-31.el7_6.9.i686.rpm
ghostscript-devel-9.07-31.el7_6.9.x86_64.rpm
ghostscript-gtk-9.07-31.el7_6.9.x86_64.rpm
ghostscript-9.07-31.el7_6.9.src.rpm
noarch
ghostscript-doc-9.07-31.el7_6.9.noarch.rpm
– Scientific Linux Development Team
