Описание
ELSA-2018-3760: ghostscript security update (IMPORTANT)
[8.70-24.el6_10.2]
- It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch
[8.70-24.el6_10.1]
- Resolves: #1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore
[8.70-24]
- Added security fix for CVE-2017-8291 (bug #1446063)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
ghostscript
8.70-24.el6_10.2
ghostscript-devel
8.70-24.el6_10.2
ghostscript-doc
8.70-24.el6_10.2
ghostscript-gtk
8.70-24.el6_10.2
Oracle Linux i686
ghostscript
8.70-24.el6_10.2
ghostscript-devel
8.70-24.el6_10.2
ghostscript-doc
8.70-24.el6_10.2
ghostscript-gtk
8.70-24.el6_10.2
Связанные CVE
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.