Synopsis: Important: ghostscript security update
Advisory ID:       SLSA-2018:3650-1
Issue Date:        2018-11-27
CVE Numbers:       CVE-2018-15908
                   CVE-2018-16511
                   CVE-2018-15909
                   CVE-2018-16539
--

Security Fix(es):

* ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908)

* ghostscript: shading_param incomplete type checking (699660)
(CVE-2018-15909)

* ghostscript: missing type check in type checker (699659)
(CVE-2018-16511)

* ghostscript: incorrect access checking in temp file handling to disclose
contents of files (699658) (CVE-2018-16539)
--

SL7
  x86_64
    ghostscript-9.07-31.el7_6.1.i686.rpm
    ghostscript-9.07-31.el7_6.1.x86_64.rpm
    ghostscript-cups-9.07-31.el7_6.1.x86_64.rpm
    ghostscript-debuginfo-9.07-31.el7_6.1.i686.rpm
    ghostscript-debuginfo-9.07-31.el7_6.1.x86_64.rpm
    ghostscript-devel-9.07-31.el7_6.1.i686.rpm
    ghostscript-devel-9.07-31.el7_6.1.x86_64.rpm
    ghostscript-gtk-9.07-31.el7_6.1.x86_64.rpm
    ghostscript-9.07-31.el7_6.1.src.rpm
  noarch
    ghostscript-doc-9.07-31.el7_6.1.noarch.rpm

- Scientific Linux Development Team