Synopsis: Low: ghostscript security, bug fix, and enhancement update

Advisory ID:       SLSA-2019:2281-1

Issue Date:        2019-08-06

CVE Numbers:       CVE-2018-11645

--



The following packages have been upgraded to a later upstream version:

ghostscript (9.25).



Security Fix(es):



* ghostscript: status command permitted with -dSAFER in psi/zfile.c

allowing attackers to identify the size and existence of files

(CVE-2018-11645)

--



SL7

  x86_64

    ghostscript-9.25-2.el7.i686.rpm

    libgs-9.25-2.el7.x86_64.rpm

    ghostscript-9.25-2.el7.x86_64.rpm

    libgs-9.25-2.el7.i686.rpm

    ghostscript-cups-9.25-2.el7.x86_64.rpm

    ghostscript-doc-9.25-2.el7.noarch.rpm

    ghostscript-gtk-9.25-2.el7.x86_64.rpm

    libgs-devel-9.25-2.el7.i686.rpm

    libgs-devel-9.25-2.el7.x86_64.rpm

    ghostscript-debuginfo-9.25-2.el7.i686.rpm

    ghostscript-debuginfo-9.25-2.el7.x86_64.rpm

  noarch

    ghostscript-doc-9.25-2.el7.noarch.rpm



- Scientific Linux Development Team