Updated ghostscript packages fix security vulnerabilityPublication date: 31 Aug 2019
Affected Mageia releases : 6 , 7
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas (CVE-2019-10216). Also, the Mageia 7 update fixes a bounding box issue that affects klatexformula (mga#24866).