Advisories ยป MGASA-2018-0408

Updated ghostscript packages fix security vulnerabilities

Publication date: 19 Oct 2018
Modification date: 19 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-17961 , CVE-2018-18073 , CVE-2018-18284

Description

Updated ghostscript packages fix many bugs and security vulnerabilities:

Bypassing executeonly to escape -dSAFER sandbox. (CVE-2018-17961)

Saved execution stacks can leak operator arrays. (CVE-2018-18073)

1Policy operator gives access to .forceput. (CVE-2018-18284)
                

References

SRPMS

6/core