RHSA-2018:3834-01 -- Redhat ghostscript
ID: oval:org.secpod.oval:def:502586 | Date: (C)2018-12-21 (M)2023-12-20
Class: PATCH | Family: unix
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix:
* ghostscript: Incorrect free logic in pagedevice replacement
* ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling
* ghostscript: User-writable error exception table
* ghostscript: Saved execution stacks can leak operator arrays
* ghostscript: Saved execution stacks can leak operator arrays
* ghostscript: 1Policy operator allows a sandbox protection bypass
* ghostscript: Type confusion in setpattern
* ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
* ghostscript: Uninitialized memory access in the aesdecode operator

For more details about the security issues, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Red Hat would like to thank Tavis Ormandy for reporting CVE-2018-16541.

Bug Fix:
* It has been found that ghostscript-9.07-31.el7_6.1 introduced a regression in the handling of shading objects, causing a "Dropping incorrect smooth shading object" warning. With this update, the regression has been fixed and the described problem no longer occurs.
Platform: Red Hat Enterprise Linux 7