New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.9
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es) :
- ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)
- ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling (CVE-2018-16802)
- ghostscript: User-writable error exception table (CVE-2018-17183)
- ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018-17961)
- ghostscript: Saved execution stacks can leak operator arrays (CVE-2018-18073)
- ghostscript: 1Policy operator allows a sandbox protection bypass (CVE-2018-18284)
- ghostscript: Type confusion in setpattern (700141) (CVE-2018-19134)
- ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409)
- ghostscript: Uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911)
Bug Fix(es) :
- It has been found that ghostscript-9.07-31.el7_6.1 introduced regression during the handling of shading objects, causing a 'Dropping incorrect smooth shading object' warning. With this update, the regression has been fixed and the described problem no longer occurs.
Solution
Update the affected packages.