[El-errata] ELSA-2018-3834 Important: Oracle Linux 7 ghostscript security and bug fix update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Dec 19 12:12:21 PST 2018
Oracle Linux Security Advisory ELSA-2018-3834
http://linux.oracle.com/errata/ELSA-2018-3834.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
ghostscript-9.07-31.el7_6.6.aarch64.rpm
ghostscript-cups-9.07-31.el7_6.6.aarch64.rpm
ghostscript-devel-9.07-31.el7_6.6.aarch64.rpm
ghostscript-doc-9.07-31.el7_6.6.noarch.rpm
ghostscript-gtk-9.07-31.el7_6.6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ghostscript-9.07-31.el7_6.6.src.rpm
Description of changes:
[9.07-31.el7_6.6]
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)
[9.07-31.el7_6.5]
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
[9.07-31.el7_6.4]
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of
privilege" checking when running out of stack during exception handling
- Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
More information about the El-errata
mailing list