ELSA-2019-2281
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-2281
ELSA-2019-2281 - ghostscript security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | LOW |
| Release Date: | 2019-08-13 |
Description
[9.25-2]
- obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel
[9.25-1]
- Rebase to latest upstream version (bug #1636115)
- Resolves: #1673399 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678172 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1680026 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839
[9.07-32]
- Remove as many non-standard operators as possible to make the codebase
closer to upstream for later CVEs
- Resolves: #1621385 - CVE-2018-16511 ghostscript: missing type check in type
checker (699659)
- Resolves: #1649722 - CVE-2018-16539 ghostscript: incorrect access checking
in temp file handling to disclose contents of files (699658)
- Resolves: #1621162 - CVE-2018-15908 ghostscript: .tempfile file permission
issues (699657)
- Resolves: #1621384 - CVE-2018-15909 ghostscript: shading_param incomplete
type checking (699660)
- Resolves: #1652902 - CVE-2018-16863 ghostscript: incomplete fix for
CVE-2018-16509
- Resolves: #1654045 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1651150 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650061 - CVE-2018-16802 ghostscript: Incorrect 'restoration of
privilege' checking when running out of stack during exception handling
- Resolves: #1652936 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654622 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650211 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645517 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648892 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643117 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655939 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
- Resolves: #1657694 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1661210 pdf2ps reports an error when reading from stdin
- Resolves: #1657334 - CVE-2018-16540 ghostscript: use-after-free in
copydevice handling (699661)
- Resolves: #1660570 - CVE-2018-19475 ghostscript: access bypass in
psi/zdevice2.c (700153)
- Resolves: #1660829 - CVE-2018-19476 ghostscript: access bypass in
psi/zicc.c
- Resolves: #1661279 - CVE-2018-19477 ghostscript: access bypass in
psi/zfjbig2.c (700168)
- Resolves: #1667443 - CVE-2019-6116 ghostscript: subroutines within
pseudo-operators must themselves be pseudo-operators
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
Related CVEs
| CVE-2018-11645 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | ghostscript-9.25-2.el7.src.rpm | 1c9668c9764da874c24536ded3e24327 | ELBA-2020-3945 |
| ghostscript-9.25-2.el7.aarch64.rpm | e001225673b4fa5ad97050dd0d306b27 | ELBA-2020-3945 | |
| ghostscript-cups-9.25-2.el7.aarch64.rpm | d7f6d76c0f73670d99b528b20ea24b61 | ELBA-2020-3945 | |
| ghostscript-doc-9.25-2.el7.noarch.rpm | 2554788458457bf3075d915ea0c65f09 | ELBA-2020-3945 | |
| ghostscript-gtk-9.25-2.el7.aarch64.rpm | cda8466002a2f8e8adcdc1bdf90a001e | ELBA-2020-3945 | |
| libgs-9.25-2.el7.aarch64.rpm | 4ee0fe134af15ed34432528554764037 | ELBA-2020-3945 | |
| libgs-devel-9.25-2.el7.aarch64.rpm | bf1e4148396cade24a6f74f70b11f1d6 | ELBA-2020-3945 | |
| Oracle Linux 7 (x86_64) | ghostscript-9.25-2.el7.src.rpm | 1c9668c9764da874c24536ded3e24327 | ELBA-2020-3945 |
| ghostscript-9.25-2.el7.i686.rpm | 82aa73f974d6cd97475db2623e097ad5 | ELBA-2020-3945 | |
| ghostscript-9.25-2.el7.x86_64.rpm | 4bb9033c72eeb704fb2631996469f403 | ELBA-2020-3945 | |
| ghostscript-cups-9.25-2.el7.x86_64.rpm | 6fdad95a49ea9db66bbafe08076586d7 | ELBA-2020-3945 | |
| ghostscript-doc-9.25-2.el7.noarch.rpm | 2554788458457bf3075d915ea0c65f09 | ELBA-2020-3945 | |
| ghostscript-gtk-9.25-2.el7.x86_64.rpm | 961818234005293bbf6fcc1e65cd0915 | ELBA-2020-3945 | |
| libgs-9.25-2.el7.i686.rpm | 134748378e53952e596b500cb2e3e471 | ELBA-2020-3945 | |
| libgs-9.25-2.el7.x86_64.rpm | c2bd3dc665178efa9ff77555e599f4ef | ELBA-2020-3945 | |
| libgs-devel-9.25-2.el7.i686.rpm | fab7765a7d247951f43c83545b033c6b | ELBA-2020-3945 | |
| libgs-devel-9.25-2.el7.x86_64.rpm | 24d1d37b59af68964d6b4ec458e5473a | ELBA-2020-3945 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
