Synopsis: Important: ghostscript security and bug fix update
Advisory ID:       SLSA-2019:0633-1
Issue Date:        2019-03-21
CVE Numbers:       CVE-2019-3838
                   CVE-2019-3835
--

Security Fix(es):

* ghostscript: superexec operator is available (700585) (CVE-2019-3835)

* ghostscript: forceput in DefineResource is still accessible (700576)
(CVE-2019-3838)

Bug Fix(es):

* ghostscript: Regression: double comment chars '%%' in gs_init.ps leading
to missing metadata
--

SL7
  x86_64
    ghostscript-9.07-31.el7_6.10.i686.rpm
    ghostscript-9.07-31.el7_6.10.x86_64.rpm
    ghostscript-cups-9.07-31.el7_6.10.x86_64.rpm
    ghostscript-debuginfo-9.07-31.el7_6.10.i686.rpm
    ghostscript-debuginfo-9.07-31.el7_6.10.x86_64.rpm
    ghostscript-devel-9.07-31.el7_6.10.i686.rpm
    ghostscript-devel-9.07-31.el7_6.10.x86_64.rpm
    ghostscript-gtk-9.07-31.el7_6.10.x86_64.rpm
    ghostscript-9.07-31.el7_6.10.src.rpm
  noarch
    ghostscript-doc-9.07-31.el7_6.10.noarch.rpm

- Scientific Linux Development Team