Synopsis: Important: ghostscript security update

    Advisory ID:       SLSA-2019:2586-1

    Issue Date:        2019-09-03

    CVE Numbers:       CVE-2019-14813

                       CVE-2019-14812

                       CVE-2019-14811

                       CVE-2019-14817

    --

    

    Security Fix(es):

    

    * ghostscript: Safer mode bypass by .forceput exposure in

    .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

    

    * ghostscript: Safer mode bypass by .forceput exposure in setuserparams

    (701444) (CVE-2019-14812)

    

    * ghostscript: Safer mode bypass by .forceput exposure in setsystemparams

    (701443) (CVE-2019-14813)

    

    * ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken

    and other procedures (701450) (CVE-2019-14817)

    --

    

    SL7

      x86_64

        ghostscript-9.25-2.el7_7.2.i686.rpm

        ghostscript-9.25-2.el7_7.2.x86_64.rpm

        ghostscript-cups-9.25-2.el7_7.2.x86_64.rpm

        ghostscript-debuginfo-9.25-2.el7_7.2.i686.rpm

        ghostscript-debuginfo-9.25-2.el7_7.2.x86_64.rpm

        libgs-9.25-2.el7_7.2.i686.rpm

        libgs-9.25-2.el7_7.2.x86_64.rpm

        ghostscript-gtk-9.25-2.el7_7.2.x86_64.rpm

        libgs-devel-9.25-2.el7_7.2.i686.rpm

        libgs-devel-9.25-2.el7_7.2.x86_64.rpm

      noarch

        ghostscript-doc-9.25-2.el7_7.2.noarch.rpm

    

    - Scientific Linux Development Team