ELSA-2018-3834

ELSA-2018-3834 - ghostscript security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-12-18

Description


[9.07-31.el7_6.6]
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)

[9.07-31.el7_6.5]
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)

[9.07-31.el7_6.4]
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect 'restoration of
privilege' checking when running out of stack during exception handling
- Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c


Related CVEs


CVE-2018-15911
CVE-2018-16541
CVE-2018-17961
CVE-2018-16802
CVE-2018-17183
CVE-2018-18073
CVE-2018-18284
CVE-2018-19134
CVE-2018-19409

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) ghostscript-9.07-31.el7_6.6.src.rpm505688e59f80223310af83e0c349ee98-
ghostscript-9.07-31.el7_6.6.aarch64.rpmcb01bd8d2ffa4a71ab15777e80b0c70c-
ghostscript-cups-9.07-31.el7_6.6.aarch64.rpmd7da16b8faa97d07c8e4f4235de37e0b-
ghostscript-devel-9.07-31.el7_6.6.aarch64.rpm84f4d7648db3ba9b9de6c66d0c5e9589-
ghostscript-doc-9.07-31.el7_6.6.noarch.rpm8fd2531f3a0be8516d797d9e22289589-
ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm63ed7c9ae93177708689e2e8ea071630-
Oracle Linux 7 (x86_64) ghostscript-9.07-31.el7_6.6.src.rpm505688e59f80223310af83e0c349ee98-
ghostscript-9.07-31.el7_6.6.i686.rpm62e1ed8d4bda7055925915bcdcd172fd-
ghostscript-9.07-31.el7_6.6.x86_64.rpmb8ed7019f6f70efe8f62440d279405a4-
ghostscript-cups-9.07-31.el7_6.6.x86_64.rpm4ba709207a9b882d389e6d5b450e7ea6-
ghostscript-devel-9.07-31.el7_6.6.i686.rpmb06723fe8a3c09d0f78c8566c73bd64d-
ghostscript-devel-9.07-31.el7_6.6.x86_64.rpme015fa48c75a7c1467b7b335b85296a8-
ghostscript-doc-9.07-31.el7_6.6.noarch.rpm8fd2531f3a0be8516d797d9e22289589-
ghostscript-gtk-9.07-31.el7_6.6.x86_64.rpm2b9527847efef450edade7d1778d2792-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete