Bug 23941

Summary:	ghostscript new security issue CVE-2018-16863
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Mageia Bug Squad <bugsquad>
Status:	RESOLVED DUPLICATE	QA Contact:	Sec team <security>
Severity:	critical
Priority:	Normal	CC:	nicolas.salguero
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA6TOO
Source RPM:	ghostscript-9.26-1.1.mga6.src.rpm	CVE:
Status comment:

Description David Walser 2018-12-04 17:11:50 CET

RedHat has issued an advisory on December 3:
https://access.redhat.com/errata/RHSA-2018:3761

The upstream patches to fix the issue are linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1652893

Mageia 6 is also affected.

David Walser 2018-12-04 17:12:02 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2018-12-05 10:50:23 CET

Hi,

The four commits listed in the RedHat bug date from August 23, 24 and 28 so they are already in ghostscript 9.26 which date from November 20.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 2 David Walser 2018-12-05 16:23:30 CET

Thanks!

*** This bug has been marked as a duplicate of bug 23869 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE