安全公告详情

NS-SA-2019-0081

2019-07-17 14:58:38

简介

important: ghostscript security update

严重级别

important

主题

An update for ghostscript is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

ghostscript: Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package.


Security Fix(es):
ghostscript: It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.(CVE-2019-3839)
ghostscript: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F14.

影响组件

  • ghostscript

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["ghostscript-9.07-31.el7_6.11.x86_64.rpm","ghostscript-cups-9.07-31.el7_6.11.x86_64.rpm","ghostscript-debuginfo-9.07-31.el7_6.11.x86_64.rpm","ghostscript-devel-9.07-31.el7_6.11.x86_64.rpm","ghostscript-doc-9.07-31.el7_6.11.noarch.rpm","ghostscript-gtk-9.07-31.el7_6.11.x86_64.rpm"],"source":"ghostscript-9.07-31.el7_6.11.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["ghostscript-9.07-31.el7_6.11.x86_64.rpm","ghostscript-cups-9.07-31.el7_6.11.x86_64.rpm","ghostscript-debuginfo-9.07-31.el7_6.11.x86_64.rpm","ghostscript-devel-9.07-31.el7_6.11.x86_64.rpm","ghostscript-doc-9.07-31.el7_6.11.noarch.rpm","ghostscript-gtk-9.07-31.el7_6.11.x86_64.rpm"],"source":"ghostscript-9.07-31.el7_6.11.src.rpm"}]}]}

CVE

参考