Description
ELSA-2019-0633: ghostscript security and bug fix update (IMPORTANT)
[9.07-31.el7_6.10]
- Resolves: #1673915 - ghostscript: Regression: double comment chars '%' in gs_init.ps leading to missing metadata
- Resolves: #1678171 - CVE-2019-3835 ghostscript: superexec operator is available (700585)
- Resolves: #1680025 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible (700576)
Updated packages
Oracle Linux 7

Oracle Linux aarch64
  ghostscript          9.07-31.el7_6.10
  ghostscript-cups     9.07-31.el7_6.10
  ghostscript-devel    9.07-31.el7_6.10
  ghostscript-doc      9.07-31.el7_6.10
  ghostscript-gtk      9.07-31.el7_6.10

Oracle Linux x86_64
  ghostscript          9.07-31.el7_6.10
  ghostscript-cups     9.07-31.el7_6.10
  ghostscript-devel    9.07-31.el7_6.10
  ghostscript-doc      9.07-31.el7_6.10
  ghostscript-gtk      9.07-31.el7_6.10
Related CVEs
Related vulnerabilities
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.