[ol8_appstream] libgs-9.27-1.el8.aarch64

This library provides Ghostscript's core functionality, based on Ghostscript's
API, which is useful for many packages that are build on top of Ghostscript.

Changelog (Show File list) (Show related packages)

• Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 9.27-1

  - Rebase to 9.27
  - Resolves: rhbz#1874523

• Tue Apr 07 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-7

  - 1813228 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER

• Thu Nov 07 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-6

  - 1769343 - CVE-2019-14869 - -dSAFER escape in .charkeys

• Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-5

  - Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
  - Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
  - Resolves: #1744006 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
  - Resolves: #1744231 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)

• Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-4

  - Resolves: #1737337 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)

• Thu Mar 28 2019 Martin Osvald <mosvald@redhat.com> - 9.25-3

  - Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
    protections for CVE-2019-6116
  - Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
    is available (700585)
  - Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
    is still accessible (700576)
  - fix included for ghostscript: Regression: double comment chars
    '%' in gs_init.ps leading to missing metadata
  - fix for pdf2dsc regression added to allow fix for CVE-2019-3839

• Wed Jan 23 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2

  - Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented
    security check in zsetdevice function in psi/zdevice.c
  - Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks
    can leak operator arrays
  - Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks
    can leak operator arrays (incomplete fix for CVE-2018-17183)
  - Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator
    allows a sandbox protection bypass
  - Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in
    setpattern (700141)
  - Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in
    psi/zdevice2.c (700153)
  - Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in
    psi/zicc.c
  - Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in
    psi/zfjbig2.c (700168)
  - Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within
    pseudo-operators must themselves be pseudo-operators (700317)

• Mon Sep 24 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.25-1

  - rebase to latest upstream version to fix issues discovered in previous CVE fixes (bug #1631701 and #1626997)

• Fri Sep 07 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.24-1

  - rebase to latest upstream version, which contains important CVE fixes
  - additional ZER0-DAY fixes added

• Wed Aug 29 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-5

  - ghostscript-9.23-002-fixes-for-set-of-CVEs-reported-by-Google.patch added