Synopsis: Important: ghostscript security and bug fix update Advisory ID: SLSA-2019:0229-1 Issue Date: 2019-01-31 CVE Numbers: CVE-2018-16540 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2019-6116 -- Security Fix(es): * ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540) * ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475) * ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476) * ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477) * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116) Bug Fix(es): * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a "/invalidfileaccess in --run--" error. With this update, the regression has been fixed and the described error no longer occurs. -- SL7 x86_64 ghostscript-9.07-31.el7_6.9.i686.rpm ghostscript-9.07-31.el7_6.9.x86_64.rpm ghostscript-cups-9.07-31.el7_6.9.x86_64.rpm ghostscript-debuginfo-9.07-31.el7_6.9.i686.rpm ghostscript-debuginfo-9.07-31.el7_6.9.x86_64.rpm ghostscript-devel-9.07-31.el7_6.9.i686.rpm ghostscript-devel-9.07-31.el7_6.9.x86_64.rpm ghostscript-gtk-9.07-31.el7_6.9.x86_64.rpm ghostscript-9.07-31.el7_6.9.src.rpm noarch ghostscript-doc-9.07-31.el7_6.9.noarch.rpm - Scientific Linux Development Team