ELSA-2019-0971

ELSA-2019-0971 - ghostscript security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-07-30

Description

[9.25-2.1]
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- fix included for ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839

Related CVEs

CVE-2019-3839

CVE-2019-3838

CVE-2019-3835

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	ghostscript-9.25-2.el8_0.1.src.rpm	301b429d69323e42d99a88c605b0eed62c2ae9365bab1909b5c73927462795c2	-	ol8_aarch64_appstream
	ghostscript-9.25-2.el8_0.1.src.rpm	301b429d69323e42d99a88c605b0eed62c2ae9365bab1909b5c73927462795c2	-	ol8_aarch64_codeready_builder
	ghostscript-9.25-2.el8_0.1.aarch64.rpm	0f2bf65aec518cbd2a57756149939d96a2720d79c0d077840e6de6c56838d08a	-	ol8_aarch64_appstream
	ghostscript-doc-9.25-2.el8_0.1.noarch.rpm	b765bc499fd5c0e85b3a4a334eb2e7f77e267661320d7221aa5fb6075277da0d	-	ol8_aarch64_codeready_builder
	ghostscript-tools-dvipdf-9.25-2.el8_0.1.aarch64.rpm	447351fee45b1b2033420b5bffc108d2c1deb61d96cf508482416416aa645d15	-	ol8_aarch64_codeready_builder
	ghostscript-tools-fonts-9.25-2.el8_0.1.aarch64.rpm	728f522c2fc451b667de8a3d158e376ea653d356d2ca4f6577ab4583c70a1766	-	ol8_aarch64_codeready_builder
	ghostscript-tools-printing-9.25-2.el8_0.1.aarch64.rpm	05a4eb61ab102b217341c0ec4495c2c01b64a8bacd0a4ff64cb448f95af4dd32	-	ol8_aarch64_codeready_builder
	ghostscript-x11-9.25-2.el8_0.1.aarch64.rpm	10f5823df628c4c59b8380e6340cba8c29c8cfec1e51486d4a0ff6fbbc83f063	-	ol8_aarch64_codeready_builder
	libgs-9.25-2.el8_0.1.aarch64.rpm	024a7b93356f624e384d724a169db4756f47af109a9cee45753575ec27cc2d69	-	ol8_aarch64_appstream
	libgs-devel-9.25-2.el8_0.1.aarch64.rpm	93090d86ddca7cc9835fb90c2e17d7a64dcd68bc91a89f858b14f8a0f211efbc	-	ol8_aarch64_codeready_builder
Oracle Linux 8 (x86_64)	ghostscript-9.25-2.el8_0.1.src.rpm	301b429d69323e42d99a88c605b0eed62c2ae9365bab1909b5c73927462795c2	-	ol8_x86_64_appstream
	ghostscript-9.25-2.el8_0.1.src.rpm	301b429d69323e42d99a88c605b0eed62c2ae9365bab1909b5c73927462795c2	-	ol8_x86_64_codeready_builder
	ghostscript-9.25-2.el8_0.1.x86_64.rpm	abac8c61907dbaae08f33b2c98386e1477a3b857c8b1752c598776c8de058442	-	ol8_x86_64_appstream
	ghostscript-doc-9.25-2.el8_0.1.noarch.rpm	b765bc499fd5c0e85b3a4a334eb2e7f77e267661320d7221aa5fb6075277da0d	-	ol8_x86_64_codeready_builder
	ghostscript-tools-dvipdf-9.25-2.el8_0.1.x86_64.rpm	aae13568a51a7ef7b0baa6293ad1c0299f0a023b9e81d08f2ae609060a49beb9	-	ol8_x86_64_codeready_builder
	ghostscript-tools-fonts-9.25-2.el8_0.1.x86_64.rpm	aff4a18b2c3b993ef46bf1cbcc053c550ef5776add5f004647e6fe49fbdc1d3e	-	ol8_x86_64_codeready_builder
	ghostscript-tools-printing-9.25-2.el8_0.1.x86_64.rpm	b1ee62b6b0b4477fb4f92694b7305b8225c5950e81d03bde3b61b9412ac29035	-	ol8_x86_64_codeready_builder
	ghostscript-x11-9.25-2.el8_0.1.x86_64.rpm	c9efa0a49e1487208de4f439c07e717b0f87e8cac845aa9094ff66c747cc7558	-	ol8_x86_64_codeready_builder
	libgs-9.25-2.el8_0.1.i686.rpm	392bf7090084db7b2dd5e128df982ca4a5b3f8660744bd846560c6f23e0b0c82	-	ol8_x86_64_appstream
	libgs-9.25-2.el8_0.1.x86_64.rpm	90acc7f3d8c27abe1942ef98a1b1417932b8a5778afcb13f818ebb8ae6edaf67	-	ol8_x86_64_appstream
	libgs-devel-9.25-2.el8_0.1.i686.rpm	a67457742415efce15fdd8d16f7668f23ff638a857d84b3e6e0014f597357ad9	-	ol8_x86_64_codeready_builder
	libgs-devel-9.25-2.el8_0.1.x86_64.rpm	834bede00c97162c5f60e29e4e28beb8956152f524335e19356684b501f25dbd	-	ol8_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team