ALAS2-2018-1022


Amazon Linux 2 Security Advisory: ALAS-2018-1022
Advisory Release Date: 2018-05-29 23:19 Pacific
Severity: Medium
References: CVE-2018-10194 

Issue Overview:

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. (CVE-2018-10194 )


Affected Packages:

ghostscript


Issue Correction:
Run yum update ghostscript to update your system.

New Packages:
noarch:
    ghostscript-doc-9.06-2.amzn2.0.2.noarch

src:
    ghostscript-9.06-2.amzn2.0.2.src

x86_64:
    ghostscript-9.06-2.amzn2.0.2.x86_64
    ghostscript-devel-9.06-2.amzn2.0.2.x86_64
    ghostscript-gtk-9.06-2.amzn2.0.2.x86_64
    ghostscript-cups-9.06-2.amzn2.0.2.x86_64
    ghostscript-debuginfo-9.06-2.amzn2.0.2.x86_64