Synopsis: Low: ghostscript security, bug fix, and enhancement update
Advisory ID:       SLSA-2019:2281-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-11645
--

The following packages have been upgraded to a later upstream version:
ghostscript (9.25).

Security Fix(es):

* ghostscript: status command permitted with -dSAFER in psi/zfile.c
allowing attackers to identify the size and existence of files
(CVE-2018-11645)
--

SL7
  x86_64
    ghostscript-9.25-2.el7.i686.rpm
    libgs-9.25-2.el7.x86_64.rpm
    ghostscript-9.25-2.el7.x86_64.rpm
    libgs-9.25-2.el7.i686.rpm
    ghostscript-cups-9.25-2.el7.x86_64.rpm
    ghostscript-doc-9.25-2.el7.noarch.rpm
    ghostscript-gtk-9.25-2.el7.x86_64.rpm
    libgs-devel-9.25-2.el7.i686.rpm
    libgs-devel-9.25-2.el7.x86_64.rpm
    ghostscript-debuginfo-9.25-2.el7.i686.rpm
    ghostscript-debuginfo-9.25-2.el7.x86_64.rpm
  noarch
    ghostscript-doc-9.25-2.el7.noarch.rpm

- Scientific Linux Development Team