[El-errata] ELSA-2019-0971 Important: Oracle Linux 8 ghostscript security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Aug 1 06:56:16 PDT 2019


Oracle Linux Security Advisory ELSA-2019-0971

http://linux.oracle.com/errata/ELSA-2019-0971.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
ghostscript-9.25-2.el8_0.1.x86_64.rpm
libgs-9.25-2.el8_0.1.i686.rpm
libgs-9.25-2.el8_0.1.x86_64.rpm
ghostscript-doc-9.25-2.el8_0.1.noarch.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.1.x86_64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.1.x86_64.rpm
ghostscript-tools-printing-9.25-2.el8_0.1.x86_64.rpm
ghostscript-x11-9.25-2.el8_0.1.x86_64.rpm
libgs-devel-9.25-2.el8_0.1.i686.rpm
libgs-devel-9.25-2.el8_0.1.x86_64.rpm

aarch64:
ghostscript-9.25-2.el8_0.1.aarch64.rpm
libgs-9.25-2.el8_0.1.aarch64.rpm
ghostscript-doc-9.25-2.el8_0.1.noarch.rpm
ghostscript-tools-dvipdf-9.25-2.el8_0.1.aarch64.rpm
ghostscript-tools-fonts-9.25-2.el8_0.1.aarch64.rpm
ghostscript-tools-printing-9.25-2.el8_0.1.aarch64.rpm
ghostscript-x11-9.25-2.el8_0.1.aarch64.rpm
libgs-devel-9.25-2.el8_0.1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/ghostscript-9.25-2.el8_0.1.src.rpm



Description of changes:

[9.25-2.1]
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- fix included for ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839





More information about the El-errata mailing list