RHSA-2019:0229-01 -- Redhat ghostscriptID: oval:org.secpod.oval:def:502602 | Date: (C)2019-02-01 (M)2024-05-22 |
Class: PATCH | Family: unix |
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: use-after-free in copydevice handling * ghostscript: access bypass in psi/zdevice2.c * ghostscript: access bypass in psi/zicc.c * ghostscript: access bypass in psi/zfjbig2.c * ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank Tavis Ormandy for reporting CVE-2019-6116. Bug Fix: * Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a "/invalidfileaccess in --run--" error. With this update, the regression has been fixed and the described error no longer occurs
Platform: |
Red Hat Enterprise Linux 7 |