ELSA-2019-2281

ELSA-2019-2281 - ghostscript security, bug fix, and enhancement update

Type: SECURITY
Impact: LOW
Release Date: 2019-08-13

Description


[9.25-2]
- obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel

[9.25-1]
- Rebase to latest upstream version (bug #1636115)
- Resolves: #1673399 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678172 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1680026 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839

[9.07-32]
- Remove as many non-standard operators as possible to make the codebase
closer to upstream for later CVEs
- Resolves: #1621385 - CVE-2018-16511 ghostscript: missing type check in type
checker (699659)
- Resolves: #1649722 - CVE-2018-16539 ghostscript: incorrect access checking
in temp file handling to disclose contents of files (699658)
- Resolves: #1621162 - CVE-2018-15908 ghostscript: .tempfile file permission
issues (699657)
- Resolves: #1621384 - CVE-2018-15909 ghostscript: shading_param incomplete
type checking (699660)
- Resolves: #1652902 - CVE-2018-16863 ghostscript: incomplete fix for
CVE-2018-16509
- Resolves: #1654045 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1651150 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650061 - CVE-2018-16802 ghostscript: Incorrect 'restoration of
privilege' checking when running out of stack during exception handling
- Resolves: #1652936 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654622 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650211 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645517 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648892 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643117 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655939 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
- Resolves: #1657694 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1661210 pdf2ps reports an error when reading from stdin
- Resolves: #1657334 - CVE-2018-16540 ghostscript: use-after-free in
copydevice handling (699661)
- Resolves: #1660570 - CVE-2018-19475 ghostscript: access bypass in
psi/zdevice2.c (700153)
- Resolves: #1660829 - CVE-2018-19476 ghostscript: access bypass in
psi/zicc.c
- Resolves: #1661279 - CVE-2018-19477 ghostscript: access bypass in
psi/zfjbig2.c (700168)
- Resolves: #1667443 - CVE-2019-6116 ghostscript: subroutines within
pseudo-operators must themselves be pseudo-operators
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata


Related CVEs


CVE-2018-11645

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 7 (aarch64) | ghostscript-9.25-2.el7.src.rpm | 419e92c8b19fb3df9fed26727945ab6b4aff46fa0747f85b08862cffa2fdee20 | ELSA-2024-4549 | ol7_aarch64_latest |
| | ghostscript-9.25-2.el7.src.rpm | 419e92c8b19fb3df9fed26727945ab6b4aff46fa0747f85b08862cffa2fdee20 | ELSA-2024-4549 | ol7_aarch64_u7_base |
| | ghostscript-9.25-2.el7.aarch64.rpm | 7b2f3ebf54bc0d9ddce5158607865a0cbfde5510e32ec4e3f2b0126ece62f259 | ELSA-2024-4549 | ol7_aarch64_latest |
| | ghostscript-9.25-2.el7.aarch64.rpm | 7b2f3ebf54bc0d9ddce5158607865a0cbfde5510e32ec4e3f2b0126ece62f259 | ELSA-2024-4549 | ol7_aarch64_u7_base |
| | ghostscript-cups-9.25-2.el7.aarch64.rpm | 042c434ab92e9891fbd92ec0451d959fdbeac6a255ba850713402851f3c42b15 | ELSA-2024-4549 | ol7_aarch64_latest |
| | ghostscript-cups-9.25-2.el7.aarch64.rpm | 042c434ab92e9891fbd92ec0451d959fdbeac6a255ba850713402851f3c42b15 | ELSA-2024-4549 | ol7_aarch64_u7_base |
| | ghostscript-doc-9.25-2.el7.noarch.rpm | 105950383464d01514f9012b0e4a5d32cb743d9c0d1e6e278f6e0a3bb43d0412 | ELSA-2024-4549 | ol7_aarch64_optional_latest |
| | ghostscript-gtk-9.25-2.el7.aarch64.rpm | cdc4d27dc81f8ae1b13bdee062d29e1165f6a9074cb5b1c23df329d1d3c3a831 | ELSA-2024-4549 | ol7_aarch64_optional_latest |
| | libgs-9.25-2.el7.aarch64.rpm | be5f75d165f80e464a8d213534cc161bbb30890e3acf016cabcc8f687323be76 | ELSA-2024-4549 | ol7_aarch64_latest |
| | libgs-9.25-2.el7.aarch64.rpm | be5f75d165f80e464a8d213534cc161bbb30890e3acf016cabcc8f687323be76 | ELSA-2024-4549 | ol7_aarch64_u7_base |
| | libgs-devel-9.25-2.el7.aarch64.rpm | 8f0500ce1408cbc95c3cee50a656b3a3d686d6974f8b7832e642ead47ec66cfa | ELSA-2024-4549 | ol7_aarch64_optional_latest |
| Oracle Linux 7 (x86_64) | ghostscript-9.25-2.el7.src.rpm | 419e92c8b19fb3df9fed26727945ab6b4aff46fa0747f85b08862cffa2fdee20 | ELSA-2024-4549 | ol7_x86_64_latest |
| | ghostscript-9.25-2.el7.src.rpm | 419e92c8b19fb3df9fed26727945ab6b4aff46fa0747f85b08862cffa2fdee20 | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | ghostscript-9.25-2.el7.i686.rpm | dc3a1ee11b7a0b3871626339b1f03220271b37f0fc8ea362d6489da55d3d7a38 | ELSA-2024-4549 | ol7_x86_64_latest |
| | ghostscript-9.25-2.el7.i686.rpm | dc3a1ee11b7a0b3871626339b1f03220271b37f0fc8ea362d6489da55d3d7a38 | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | ghostscript-9.25-2.el7.x86_64.rpm | b7f0e34e398d56b658722990c41de62c9b97fe423180e12fb4fada94eb874a88 | ELSA-2024-4549 | ol7_x86_64_latest |
| | ghostscript-9.25-2.el7.x86_64.rpm | b7f0e34e398d56b658722990c41de62c9b97fe423180e12fb4fada94eb874a88 | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | ghostscript-cups-9.25-2.el7.x86_64.rpm | 83c4eae91a39fd046b2dae5ee0bb10da0ec700a89b74f61ea87cb0c01b16e81b | ELSA-2024-4549 | ol7_x86_64_latest |
| | ghostscript-cups-9.25-2.el7.x86_64.rpm | 83c4eae91a39fd046b2dae5ee0bb10da0ec700a89b74f61ea87cb0c01b16e81b | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | ghostscript-doc-9.25-2.el7.noarch.rpm | 105950383464d01514f9012b0e4a5d32cb743d9c0d1e6e278f6e0a3bb43d0412 | ELSA-2024-4549 | ol7_x86_64_optional_latest |
| | ghostscript-gtk-9.25-2.el7.x86_64.rpm | 970e0aaee399504627712ac25d5d0e7e59e2932ffce12fbd53251e96f192d7f4 | ELSA-2024-4549 | ol7_x86_64_optional_latest |
| | libgs-9.25-2.el7.i686.rpm | f7dd9a807ae533d18bedb9acf016fe27cb667045eaf1adb0fb9094ded9f85e17 | ELSA-2024-4549 | ol7_x86_64_latest |
| | libgs-9.25-2.el7.i686.rpm | f7dd9a807ae533d18bedb9acf016fe27cb667045eaf1adb0fb9094ded9f85e17 | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | libgs-9.25-2.el7.x86_64.rpm | 466719613f96c73634fc2f4540cc4aba81c4c06f92d63db4895588230ab1dc9d | ELSA-2024-4549 | ol7_x86_64_latest |
| | libgs-9.25-2.el7.x86_64.rpm | 466719613f96c73634fc2f4540cc4aba81c4c06f92d63db4895588230ab1dc9d | ELSA-2024-4549 | ol7_x86_64_u7_base |
| | libgs-devel-9.25-2.el7.i686.rpm | 7b395ed726fca7b04d86fe31c16c6bfc250441f4a7116cbff1f71e7bff13a1cb | ELSA-2024-4549 | ol7_x86_64_optional_latest |
| | libgs-devel-9.25-2.el7.x86_64.rpm | 3dadc96c277ce5f5605f0759141c51b99f031e1ec76a3b28ff07758d436eb506 | ELSA-2024-4549 | ol7_x86_64_optional_latest |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.