Bugzilla – Bug 1118318
VUL-0: CVE-2018-16863: ghostscript,ghostscript-library: incomplete fix for CVE-2018-16509
Last modified: 2020-06-16 22:09:42 UTC
rh#1652893

It was found that the fix for CVE-2018-16509 provided in Red Hat Enterprise Linux 7 was not sufficient.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1652893
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16863
https://access.redhat.com/errata/RHSA-2018:3761
https://rhn.redhat.com/errata/RHSA-2018-3761.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16863
SLE-12 and SLE-15 are not affected as we ship ghostscript version >= 9.25
Hi Johannes,

I believe we have the same issue as RedHat. We missed this commit [0] because it was added 4 days after the first three. Only SLE10 and SLE11 are affected.

[0] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519
SUSE:SLE-12:GA was affected where we had Ghostscript version 9.15 and SUSE:SLE-15:GA was affected where we had Ghostscript version 9.23. This is fixed in SUSE:SLE-12:Update and SUSE:SLE-15:Update where we did a Ghostscript version upgrade to 9.26a but "CVE-2018-16863" is not mentioned in our ghostscript.changes file.
released