Synopsis: Important: ghostscript security update

Advisory ID:       SLSA-2018:3650-1

Issue Date:        2018-11-27

CVE Numbers:       CVE-2018-15908

                   CVE-2018-16511

                   CVE-2018-15909

                   CVE-2018-16539

--



Security Fix(es):



* ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908)



* ghostscript: shading_param incomplete type checking (699660)

(CVE-2018-15909)



* ghostscript: missing type check in type checker (699659)

(CVE-2018-16511)



* ghostscript: incorrect access checking in temp file handling to disclose

contents of files (699658) (CVE-2018-16539)

--



SL7

  x86_64

    ghostscript-9.07-31.el7_6.1.i686.rpm

    ghostscript-9.07-31.el7_6.1.x86_64.rpm

    ghostscript-cups-9.07-31.el7_6.1.x86_64.rpm

    ghostscript-debuginfo-9.07-31.el7_6.1.i686.rpm

    ghostscript-debuginfo-9.07-31.el7_6.1.x86_64.rpm

    ghostscript-devel-9.07-31.el7_6.1.i686.rpm

    ghostscript-devel-9.07-31.el7_6.1.x86_64.rpm

    ghostscript-gtk-9.07-31.el7_6.1.x86_64.rpm

    ghostscript-9.07-31.el7_6.1.src.rpm

  noarch

    ghostscript-doc-9.07-31.el7_6.1.noarch.rpm



- Scientific Linux Development Team