First published: Fri Nov 23 2018
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Artifex Ghostscript | =9.07 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Server AUS | =7.6 | |
Red Hat Enterprise Linux Server EUS | =7.6 | |
Red Hat Enterprise Linux Server TUS | =7.6 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
CVE-2018-16863 is a vulnerability that allows an attacker to execute arbitrary shell commands via a specially crafted PostScript document in Ghostscript version 9.07.
CVE-2018-16863 has a severity rating of 7.8 (Critical).
Ghostscript version 9.07 and Red Hat Enterprise Linux 7.0 (Desktop, Server, Workstation) and 7.6 (Server AUS, EUS, TUS) are affected by CVE-2018-16863.
An attacker can exploit CVE-2018-16863 by using another variant of the flaw that RHSA-2018:2918 did not fully fix, bypassing the -dSAFER protection in order to execute arbitrary shell commands.
To fix CVE-2018-16863, update to a patched version of Ghostscript and Red Hat Enterprise Linux, as provided by the respective vendors.