=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ghostscript security update
Advisory ID:       RHSA-2018:3760-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3760
Issue date:        2018-12-03
CVE Names:         CVE-2018-16509
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass the
-dSAFER protection and, for example, execute arbitrary shell commands via a
specially crafted PostScript document. (CVE-2018-16509)

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for
reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1619748 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore (699654)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ghostscript-8.70-24.el6_10.2.src.rpm

i386:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm

x86_64:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-8.70-24.el6_10.2.x86_64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-doc-8.70-24.el6_10.2.i686.rpm
ghostscript-gtk-8.70-24.el6_10.2.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ghostscript-8.70-24.el6_10.2.src.rpm

x86_64:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-8.70-24.el6_10.2.x86_64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ghostscript-8.70-24.el6_10.2.src.rpm

i386:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm

ppc64:
ghostscript-8.70-24.el6_10.2.ppc.rpm
ghostscript-8.70-24.el6_10.2.ppc64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.ppc.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.ppc64.rpm

s390x:
ghostscript-8.70-24.el6_10.2.s390.rpm
ghostscript-8.70-24.el6_10.2.s390x.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.s390.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.s390x.rpm

x86_64:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-8.70-24.el6_10.2.x86_64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-doc-8.70-24.el6_10.2.i686.rpm
ghostscript-gtk-8.70-24.el6_10.2.i686.rpm

ppc64:
ghostscript-debuginfo-8.70-24.el6_10.2.ppc.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.ppc64.rpm
ghostscript-devel-8.70-24.el6_10.2.ppc.rpm
ghostscript-devel-8.70-24.el6_10.2.ppc64.rpm
ghostscript-doc-8.70-24.el6_10.2.ppc64.rpm
ghostscript-gtk-8.70-24.el6_10.2.ppc64.rpm

s390x:
ghostscript-debuginfo-8.70-24.el6_10.2.s390.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.s390x.rpm
ghostscript-devel-8.70-24.el6_10.2.s390.rpm
ghostscript-devel-8.70-24.el6_10.2.s390x.rpm
ghostscript-doc-8.70-24.el6_10.2.s390x.rpm
ghostscript-gtk-8.70-24.el6_10.2.s390x.rpm

x86_64:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ghostscript-8.70-24.el6_10.2.src.rpm

i386:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm

x86_64:
ghostscript-8.70-24.el6_10.2.i686.rpm
ghostscript-8.70-24.el6_10.2.x86_64.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-doc-8.70-24.el6_10.2.i686.rpm
ghostscript-gtk-8.70-24.el6_10.2.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-24.el6_10.2.i686.rpm
ghostscript-debuginfo-8.70-24.el6_10.2.x86_64.rpm
ghostscript-devel-8.70-24.el6_10.2.i686.rpm
ghostscript-devel-8.70-24.el6_10.2.x86_64.rpm
ghostscript-doc-8.70-24.el6_10.2.x86_64.rpm
ghostscript-gtk-8.70-24.el6_10.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16509
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
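A check an administrator could run over `rpm -qa` style inventory lines to find RHEL 6 systems still below the fixed build named in the package list. This is an added example, not part of the Red Hat advisory: the sample lines are constructed, the comparison is a simplified form of RPM's version ordering, and the package epoch is assumed unchanged.

```python
import re

# Fixed build and subpackage names, taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "8.70", "24.el6_10.2"
PACKAGES = {"ghostscript", "ghostscript-debuginfo", "ghostscript-devel",
            "ghostscript-doc", "ghostscript-gtk"}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.

    Simplified form of RPM's ordering: digit runs compare as integers,
    letter runs as strings, a digit run beats a letter run, and the string
    with segments left over is newer. '~' and '^' are not handled.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(nvra):
    """True if a name-version-release.arch line is a RHEL 6 ghostscript
    package older than the fixed build."""
    nvr, _, _arch = nvra.strip().rpartition(".")
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3:
        return False
    name, version, release = parts
    if name not in PACKAGES or ".el6" not in release:
        return False  # other package, or outside this advisory's scope
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

# Constructed inventory lines (not real host data).
SAMPLE = [
    "ghostscript-8.70-24.el6_10.2.x86_64",   # the fixed build
    "ghostscript-8.70-24.el6_10.1.x86_64",   # constructed older release
    "ghostscript-devel-8.70-23.el6.i686",    # constructed older release
    "bash-4.1.2-48.el6.x86_64",              # unrelated package
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line}: {'UPDATE NEEDED' if needs_update(line) else 'ok'}")
```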