You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ghostscript

Sigurnosni nedostaci programskog paketa ghostscript

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-09-21 05:19:39.113558

Name : ghostscript
Product : Fedora 29
Version : 9.24
Release : 3.fc29
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems’
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

Update Information:

This is a security update for `CVE-2018-16802`. It also fixes a printing problem
discovered in one of the previous CVE fixes. NOTE: *Please, be advised that
there’s a separate issue related to printing problems, which is connected to
CUPS itself, meaning this update might not completely resolve your printing
issues.* —- This is a rebase to latest upstream version of `Ghostscript`,
which fixes several high important CVEs recently discovered. It is advised to
update this version as soon as possible. —- Security fix for CVE-2918-15909
and some other bug fixes.

[ 1 ] Bug #1626818 – ghostscript-9.23-6 causes “filter failed” error in cups
[ 2 ] Bug #1627960 – CVE-2018-16802 ghostscript: Incorrect “restoration of privilege” checking when running out of stack during exception handling [fedora-all]
[ 3 ] Bug #1622757 – CVE-2018-15909 ghostscript: shading_param incomplete type checking (699660) [fedora-all]
[ 4 ] Bug #1625852 – CVE-2018-16543 ghostscript: gssetresolution and gsgetresolution memory corruption (699670) [fedora-all]
[ 5 ] Bug #1625847 – CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement (699664) [fedora-all]
[ 6 ] Bug #1625844 – CVE-2018-16540 ghostscript: use-after-free in copydevice handling (699661) [fedora-all]
[ 7 ] Bug #1625840 – CVE-2018-16539 ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) [fedora-all]
[ 8 ] Bug #1625837 – CVE-2018-16510 ghostscript: Incorrect exec stack handling in the “CS” and “SC” PDF primitives (699671) [fedora-all]
[ 9 ] Bug #1625833 – CVE-2018-15911 ghostscript: uninitialized memory access in the aesdecode operator (699665) [fedora-all]
[ 10 ] Bug #1625827 – CVE-2018-16542 ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668) [fedora-all]
[ 11 ] Bug #1598980 – [abrt] ghostscript: arg_next(): gs killed by SIGSEGV
[ 12 ] Bug #1625108 – Message ‘Waiting for job to complete.’ stays after successful printing

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-81ee973d7c’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-09-0001-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa matrix-synapse

Otkriven je kritični sigurnosni nedostatak u programskom paketu matrix-synapse za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih...