Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

SciLinux: SLSA-2018-3760-1 Critical Ghostscript Arbitrary Command Execution

Scientific Large Esm H446
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509) SL6 x86_64 ghostscript-8.70-24.el6_10.2.i686.rpm ghostscript-8.70-24.el6_10.2.x86_64.rpm ghostscript- [More...]
Synopsis: Important: ghostscript security update
Advisory ID:       SLSA-2018:3760-1
Issue Date:        2018-12-04
CVE Numbers:       CVE-2018-16509
--

Security Fix(es):

* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
- -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document. (CVE-2018-16509)
--

SL6
  x86_64
    ghostscript-8.70-24.el6_10.2.i686.rpm
    ghostscript-8.70-24.el6_10.2.x86_64.rpm
    ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
    ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
    ghostscript-devel-8.70-24.el6_10.2.i686.rpm
    ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
    ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
    ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm
  i386
    ghostscript-8.70-24.el6_10.2.i686.rpm
    ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
    ghostscript-devel-8.70-24.el6_10.2.i686.rpm
    ghostscript-doc-8.70-24.el6_10.2.i686.rpm
    ghostscript-gtk-8.70-24.el6_10.2.i686.rpm

- Scientific Linux Development Team