RHSA-2018:3760-01 -- Redhat ghostscript
|ID: oval:org.secpod.oval:def:49255||Date: (C)2018-12-05 (M)2018-12-05|
|Class: PATCH||Family: unix|
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Red Hat would like to thank Tavis Ormandy for reporting this issue.
|Red Hat Enterprise Linux 6|