Scientific Linux Security Update : ghostscript on SL7.x x86_64
High Nessus Plugin ID 119883
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es) :
- ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)
- ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling (CVE-2018-16802)
- ghostscript: User-writable error exception table (CVE-2018-17183)
- ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018-17961)
- ghostscript: Saved execution stacks can leak operator arrays (CVE-2018-18073)
- ghostscript: 1Policy operator allows a sandbox protection bypass (CVE-2018-18284)
- ghostscript: Type confusion in setpattern (700141) (CVE-2018-19134)
- ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409)
- ghostscript: Uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911)
Bug Fix(es) :
- It has been found that ghostscript-9.07-31.el7_6.1 introduced regression during the handling of shading objects, causing a 'Dropping incorrect smooth shading object' warning. With this update, the regression has been fixed and the described problem no longer occurs.
Solution
Update the affected packages.