23941 – ghostscript new security issue CVE-2018-16863

Bug 23941 - ghostscript new security issue CVE-2018-16863

Summary: ghostscript new security issue CVE-2018-16863

Status:	RESOLVED DUPLICATE of bug 23869

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:	MGA6TOO
Keywords:

Depends on:
Blocks:

Reported:	2018-12-04 17:11 CET by David Walser
Modified:	2018-12-05 16:23 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	ghostscript-9.26-1.1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-12-04 17:11:50 CET

RedHat has issued an advisory on December 3:
https://access.redhat.com/errata/RHSA-2018:3761

The upstream patches to fix the issue are linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1652893

Mageia 6 is also affected.

David Walser 2018-12-04 17:12:02 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2018-12-05 10:50:23 CET

Hi,

The four commits listed in the RedHat bug date from August 23, 24 and 28 so they are already in ghostscript 9.26 which date from November 20.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 2 David Walser 2018-12-05 16:23:30 CET

Thanks!

*** This bug has been marked as a duplicate of bug 23869 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.