Synopsis: Important: ghostscript security update Advisory ID: SLSA-2018:2918-1 Issue Date: 2018-10-16 CVE Numbers: CVE-2018-10194 CVE-2018-16509 CVE-2018-15910 CVE-2018-16542 -- Security Fix(es): * It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509) * ghostscript: LockDistillerParams type confusion (699656) (CVE-2018-15910) * ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668) (CVE-2018-16542) * ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c (CVE-2018-10194) -- SL7 x86_64 ghostscript-9.07-29.el7_5.2.i686.rpm ghostscript-9.07-29.el7_5.2.x86_64.rpm ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm ghostscript-debuginfo-9.07-29.el7_5.2.i686.rpm ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm ghostscript-devel-9.07-29.el7_5.2.i686.rpm ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm ghostscript-9.07-29.el7_5.2.src.rpm noarch ghostscript-doc-9.07-29.el7_5.2.noarch.rpm - Scientific Linux Development Team