I do not know if Mageia ships a vulnerable version of ghostscript, but a zero-day exploit allowing code execution has been reported against (to my knowledge) all versions of ghostscript. A fixed release of ghostscript is available. I do not have access to test this against the version in Mageia, more details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295 This vulnerability has been reported to have been exploited already.
See also bug 19542 with pending CVEs to fix for ghostscript in Mageia 5. Keeping this one separate for now, as it also affects Mageia 6 and I don't know yet if we'll fix all issues at once.
Version: 5 => CauldronComponent: RPM Packages => SecurityQA Contact: (none) => securityWhiteboard: (none) => MGA5TOOAssignee: bugsquad => pkg-bugsSee Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=19542CVE: (none) => CVE-2017-8291
Priority: Normal => High
Fixed in cauldron
Version: Cauldron => 5Priority: High => NormalWhiteboard: MGA5TOO => (none)CC: (none) => mageia
following all CVE in one bugreport *** This bug has been marked as a duplicate of bug 19542 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATEPriority: High => Normal