(RHSA-2018:3650) Important: ghostscript security update

ID RHSA-2018:3650
Type redhat
Reporter RedHat
Modified 2018-11-27T04:17:04


The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

  • ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908)

  • ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909)

  • ghostscript: missing type check in type checker (699659) (CVE-2018-16511)

  • ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) (CVE-2018-16539)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-15908.