Updated ghostscript packages fix security vulnerability
Publication date: 31 Aug 2019Modification date: 31 Aug 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-10216
Description
Updated ghostscript packages fix security vulnerability: It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas (CVE-2019-10216). Also, the Mageia 7 update fixes a bounding box issue that affects klatexformula (mga#24866).
References
SRPMS
7/core
- ghostscript-9.27-1.2.mga7
6/core
- ghostscript-9.26-1.5.mga6