Synopsis: Important: ghostscript security and bug fix update
Advisory ID:       SLSA-2019:0229-1
Issue Date:        2019-01-31
CVE Numbers:       CVE-2018-16540
                   CVE-2018-19475
                   CVE-2018-19476
                   CVE-2018-19477
                   CVE-2019-6116
--

Security Fix(es):

* ghostscript: use-after-free in copydevice handling (699661)
(CVE-2018-16540)

* ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475)

* ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)

* ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477)

* ghostscript: subroutines within pseudo-operators must themselves be
pseudo-operators (700317) (CVE-2019-6116)

Bug Fix(es):

* Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during
the standard input reading, causing a "/invalidfileaccess in --run--"
error. With this update, the regression has been fixed and the described
error no longer occurs.
--

SL7
  x86_64
    ghostscript-9.07-31.el7_6.9.i686.rpm
    ghostscript-9.07-31.el7_6.9.x86_64.rpm
    ghostscript-cups-9.07-31.el7_6.9.x86_64.rpm
    ghostscript-debuginfo-9.07-31.el7_6.9.i686.rpm
    ghostscript-debuginfo-9.07-31.el7_6.9.x86_64.rpm
    ghostscript-devel-9.07-31.el7_6.9.i686.rpm
    ghostscript-devel-9.07-31.el7_6.9.x86_64.rpm
    ghostscript-gtk-9.07-31.el7_6.9.x86_64.rpm
    ghostscript-9.07-31.el7_6.9.src.rpm
  noarch
    ghostscript-doc-9.07-31.el7_6.9.noarch.rpm

- Scientific Linux Development Team