| Beschreibung: | Summary:
The remote host is missing an update for the 'ghostscript'
package(s) announced via the CESA-2019:0229 advisory.
Vulnerability Insight:
The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: use-after-free in copydevice handling (699661)
(CVE-2018-16540)
* ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475)
* ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)
* ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477)
* ghostscript: subroutines within pseudo-operators must themselves be
pseudo-operators (700317) (CVE-2019-6116)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Tavis Ormandy (Google Project Zero) for
reporting CVE-2019-6116.
Bug Fix(es):
* Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during
the standard input reading, causing a '/invalidfileaccess in --run--'
error. With this update, the regression has been fixed and the described
error no longer occurs. (BZ#1665919)
Affected Software/OS:
ghostscript on CentOS 7.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
