| Description: | Summary:
Check the version of ghostscript
Vulnerability Insight:
The Ghostscript suite contains utilities for
rendering PostScript and PDF documents. Ghostscript translates PostScript code
to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
- -dSAFER protection and, for example, execute arbitrary shell commands via a
specially crafted PostScript document. (CVE-2018-16509)
* ghostscript: LockDistillerParams type confusion (699656) (CVE-2018-15910)
* ghostscript: .definemodifiedfont memory corruption if /typecheck is
handled (699668) (CVE-2018-16542)
* ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix
function in gdevpdts.c (CVE-2018-10194)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Tavis Ormandy (Google Project Zero) for
reporting CVE-2018-16509, CVE-2018-15910, and CVE-2018-16542.
Affected Software/OS:
ghostscript on CentOS 7
Solution:
Please install the updated packages.
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
