| Name: | ghostscript |
|---|---|
| Version: | 9.07 |
| Release: | 31.el7_6.9 |
| Architecture: | i686 |
| Group: | Applications/Publishing |
| Size: | 16058006 |
| License: | AGPLv3+ and Redistributable, no modification permitted |
| RPM: | ghostscript-9.07-31.el7_6.9.i686.rpm |
| Source RPM: | ghostscript-9.07-31.el7_6.9.src.rpm |
| Build Date: | Thu Jan 31 2019 |
| Build Host: | x86-ol7-builder-01.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.ghostscript.com/ |
| Summary: | A PostScript interpreter and renderer |
| Description: | Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package. |
- Related: #1667442 - CVE-2019-6116 - added missing parts of patch
- Resolves: #1667442 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators
- Resolves: #1665919 pdf2ps reports an error when reading from stdin - Resolves: #1657333 - CVE-2018-16540 ghostscript: use-after-free in copydevice handling (699661) - Resolves: #1660569 - CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c (700153) - Resolves: #1660828 - CVE-2018-19476 ghostscript: access bypass in psi/zicc.c - Resolves: #1661278 - CVE-2018-19477 ghostscript: access bypass in psi/zfjbig2.c (700168)
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement (699664) - Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error exception table - Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) - Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass - Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in setpattern (700141)
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory access in the aesdecode operator (699665) - Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling - Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654290 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1652901 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509
- Remove as many non-standard operators as possible to make the codebase closer to upstream for later CVEs - Resolves: #1621383 - CVE-2018-16511 ghostscript: missing type check in type checker (699659) - Resolves: #1649721 - CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) - Resolves: #1621159 - CVE-2018-15908 ghostscript: .tempfile file permission issues (699657) - Resolves: #1621381 - CVE-2018-15909 ghostscript: shading_param incomplete type checking (699660)
- Added security fixes for: - CVE-2018-16509 (bug #1621158) - CVE-2018-15910 (bug #1621160) - CVE-2018-16542 (bug #1621382)