[ol7_latest] ghostscript-9.25-2.el7_7.2.aarch64

Name:	ghostscript
Version:	9.25
Release:	2.el7_7.2
Architecture:	aarch64
Group:	Unspecified
Size:	248305
License:	AGPLv3+
RPM:	ghostscript-9.25-2.el7_7.2.aarch64.rpm
Source RPM:	ghostscript-9.25-2.el7_7.2.src.rpm
Build Date:	Mon Sep 02 2019
Build Host:	ca-buildarm04.us.oracle.com
Vendor:	Oracle America
URL:	https://ghostscript.com/
Summary:	Interpreter for PostScript language & PDF
Description:	This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description languages. Its primary purpose includes displaying (rasterization & rendering) and printing of document pages, as well as conversions between different document formats.

Changelog (Show File list) (Show related packages)

Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.2

- Resolves: #1744008 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744012 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
- Resolves: #1744003 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
- Resolves: #1744228 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)

Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.1

- Resolves: #1737338 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)

Tue Apr 02 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2

- obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel

Thu Feb 14 2019 Martin Osvald <mosvald@redhat.com> - 9.25-1

- Rebase to latest upstream version (bug #1636115)
- Resolves: #1673399 - CVE-2019-3839 ghostscript: missing attack vector
  protections for CVE-2019-6116
- Resolves: #1678172 - CVE-2019-3835 ghostscript: superexec operator
  is available (700585)
- Resolves: #1680026 - CVE-2019-3838 ghostscript: forceput in DefineResource
  is still accessible (700576)
- Resolves: #1670443 - ghostscript: Regression: double comment chars
  '%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839

Wed Jan 16 2019 Martin Osvald <mosvald@redhat.com> - 9.07-32

- Remove as many non-standard operators as possible to make the codebase
  closer to upstream for later CVEs
- Resolves: #1621385 - CVE-2018-16511 ghostscript: missing type check in type
  checker (699659)
- Resolves: #1649722 - CVE-2018-16539 ghostscript: incorrect access checking
  in temp file handling to disclose contents of files (699658) 
- Resolves: #1621162 - CVE-2018-15908 ghostscript: .tempfile file permission
  issues (699657)
- Resolves: #1621384 - CVE-2018-15909 ghostscript: shading_param incomplete
  type checking (699660)
- Resolves: #1652902 - CVE-2018-16863 ghostscript: incomplete fix for
  CVE-2018-16509
- Resolves: #1654045 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1651150 - CVE-2018-15911 ghostscript: uninitialized memory
  access in the aesdecode operator (699665)
- Resolves: #1650061 - CVE-2018-16802 ghostscript: Incorrect "restoration of
  privilege" checking when running out of stack during exception handling
- Resolves: #1652936 - CVE-2018-19409 ghostscript: Improperly implemented
  security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654622 - CVE-2018-16541 ghostscript: incorrect free logic in
  pagedevice replacement (699664)
- Resolves: #1650211 - CVE-2018-17183 ghostscript: User-writable error
  exception table
- Resolves: #1645517 - CVE-2018-18073 ghostscript: saved execution stacks
  can leak operator arrays
- Resolves: #1648892 - CVE-2018-17961 ghostscript: saved execution stacks
  can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643117 - CVE-2018-18284 ghostscript: 1Policy operator
  allows a sandbox protection bypass
- Resolves: #1655939 - CVE-2018-19134 ghostscript: Type confusion in
  setpattern (700141)
- Resolves: #1657694 - ghostscript: Regression: Warning: Dropping incorrect
  smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1661210 pdf2ps reports an error when reading from stdin
- Resolves: #1657334 - CVE-2018-16540 ghostscript: use-after-free in
  copydevice handling (699661)
- Resolves: #1660570 - CVE-2018-19475 ghostscript: access bypass in
  psi/zdevice2.c (700153)
- Resolves: #1660829 - CVE-2018-19476 ghostscript: access bypass in
  psi/zicc.c
- Resolves: #1661279 - CVE-2018-19477 ghostscript: access bypass in
  psi/zfjbig2.c (700168)
- Resolves: #1667443 - CVE-2019-6116 ghostscript: subroutines within
  pseudo-operators must themselves be pseudo-operators
- Resolves: #1670443 - ghostscript: Regression: double comment chars
  '%' in gs_init.ps leading to missing metadata

Mon Sep 10 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-31

- Added security fixes for:
  - CVE-2018-16509 (bug #1621158)
  - CVE-2018-15910 (bug #1621160)
  - CVE-2018-16542 (bug #1621382)

Tue Apr 17 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-30

- Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1551782)

Tue Jul 25 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-29

- Fix rare Segmentation fault when converting PDF to PNG (bug #1473337)
- Raise the default VMThreshold from 1Mb to 8Mb (bug #1479852)

Thu May 11 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-28
```
- Security fix for CVE-2017-8291 updated to address SIGSEGV
```
Wed May 03 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-27
```
- Added security fix for CVE-2017-8291 (bug #1446063)
```