| Name: | ghostscript |
|---|---|
| Version: | 9.07 |
| Release: | 31.el7_6.6 |
| Architecture: | x86_64 |
| Group: | Applications/Publishing |
| Size: | 17352731 |
| License: | AGPLv3+ and Redistributable, no modification permitted |
| RPM: | ghostscript-9.07-31.el7_6.6.x86_64.rpm |
| Source RPM: | ghostscript-9.07-31.el7_6.6.src.rpm |
| Build Date: | Mon Dec 17 2018 |
| Build Host: | x86-ol7-builder-01.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.ghostscript.com/ |
| Summary: | A PostScript interpreter and renderer |
| Description: | Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package. |
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement (699664) - Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error exception table - Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) - Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass - Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in setpattern (700141)
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory access in the aesdecode operator (699665) - Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling - Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654290 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1652901 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509
- Remove as many non-standard operators as possible to make the codebase closer to upstream for later CVEs - Resolves: #1621383 - CVE-2018-16511 ghostscript: missing type check in type checker (699659) - Resolves: #1649721 - CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) - Resolves: #1621159 - CVE-2018-15908 ghostscript: .tempfile file permission issues (699657) - Resolves: #1621381 - CVE-2018-15909 ghostscript: shading_param incomplete type checking (699660)
- Added security fixes for: - CVE-2018-16509 (bug #1621158) - CVE-2018-15910 (bug #1621160) - CVE-2018-16542 (bug #1621382)
- Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1551782)
- Fix rare Segmentation fault when converting PDF to PNG (bug #1473337) - Raise the default VMThreshold from 1Mb to 8Mb (bug #1479852)
- Security fix for CVE-2017-8291 updated to address SIGSEGV