Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: superexec operator is available (700585) (CVE-2019-3835)
* ghostscript: forceput in DefineResource is still accessible (700576)
(CVE-2019-3838)
* ghostscript: missing attack vector protections for CVE-2019-6116
(CVE-2019-3839)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2019-3835 https://access.redhat.com/security/cve/CVE-2019-3838 https://access.redhat.com/security/cve/CVE-2019-3839 https://access.redhat.com/security/updates/classification#important
Red Hat Enterprise Linux AppStream (v. 8):
Source:
ghostscript-9.25-2.el8_0.1.src.rpm
aarch64:
ghostscript-9.25-2.el8_0.1.aarch64.rpm
ghostscript-debuginfo-9.25-2.el8_0.1.aarch64.rpm
ghostscript-debugsource-9.25-2.el8_0.1.aarch64.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.1.aarch64.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.1.aarch64.rpm
libgs-9.25-2.el8_0.1.aarch64.rpm
libgs-debuginfo-9.25-2.el8_0.1.aarch64.rpm
ppc64le:
ghostscript-9.25-2.el8_0.1.ppc64le.rpm
ghostscript-debuginfo-9.25-2.el8_0.1.ppc64le.rpm
ghostscript-debugsource-9.25-2.el8_0.1.ppc64le.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.1.ppc64le.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.1.ppc64le.rpm
libgs-9.25-2.el8_0.1.ppc64le.rpm
libgs-debuginfo-9.25-2.el8_0.1.ppc64le.rpm
s390x:
ghostscript-9.25-2.el8_0.1.s390x.rpm
ghostscript-debuginfo-9.25-2.el8_0.1.s390x.rpm
ghostscript-debugsource-9.25-2.el8_0.1.s390x.rpm
ghostscript-gtk-debuginfo-9.25-2.el8_0.1.s390x.rpm
ghostscript-x11-debuginfo-9.25-2.el8_0.1.s390x.rpm
libgs-9.25-2.el8_0.1.s390x.rpm
libgs-debuginfo-9.25-2.el8_0.1.s390x.rpm
x86_64:
ghostscript-9.25-2.el8_0.1.x86_64.rpm
ghostscript-debuginfo-9.25-2.el8_0.1.i686.rpm
ghostscript-debuginfo-9.25-2.el8_0.1.x86_64.rpm
ghostscript-debugsource-9.25-2.el8_0.1.i686.rpm
Read the Full Advisory
An update for ghostscript is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
1673304 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116
1677581 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible (700576)
1677588 - CVE-2019-3835 ghostscript: superexec operator is available (700585)
Get the latest Linux and open source security news straight to your inbox.