SCIENTIFIC-LINUX-ERRATA Archives

October 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: ghostscript on SL7.x x86_64
From:
Scott Reid <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 16 Oct 2018 14:25:08 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (42 lines) 
Synopsis:          Important: ghostscript security update
Advisory ID:       SLSA-2018:2918-1
Issue Date:        2018-10-16
CVE Numbers:       CVE-2018-10194
                   CVE-2018-16509
                   CVE-2018-15910
                   CVE-2018-16542
--

Security Fix(es):

* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
- -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document. (CVE-2018-16509)

* ghostscript: LockDistillerParams type confusion (699656)
(CVE-2018-15910)

* ghostscript: .definemodifiedfont memory corruption if /typecheck is
handled (699668) (CVE-2018-16542)

* ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix
function in gdevpdts.c (CVE-2018-10194)
--

SL7
  x86_64
    ghostscript-9.07-29.el7_5.2.i686.rpm
    ghostscript-9.07-29.el7_5.2.x86_64.rpm
    ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm
    ghostscript-debuginfo-9.07-29.el7_5.2.i686.rpm
    ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm
    ghostscript-devel-9.07-29.el7_5.2.i686.rpm
    ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm
    ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm
    ghostscript-9.07-29.el7_5.2.src.rpm
  noarch
    ghostscript-doc-9.07-29.el7_5.2.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2