Ghostscript security vulnerabilities resolved
Lisa Fenn·August 24, 2018
Novato, CA August 24, 2018 – Artifex Software is pleased to report that the recently disclosed security vulnerabilities in Ghostscript have been resolved. On August 21, 2018, a Google Project Zero security researcher, disclosed Ghostscript security vulnerabilities, a CERT advisory was released that day as well.
As of August 24, 2018, all reported problems have been fixed and will be part of the next Ghostscript release in late September. Individual patches are available now in the Ghostscript repository and are listed below. We recommend applying these security fixes as soon as possible.
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
Artifex takes security issues very seriously and strongly encourages responsible and coordinated disclosure of vulnerabilities. Developers should be given the opportunity to fix security problems in advance of public disclosure.