{"id":"MGASA-2019-0188","summary":"Updated ghostscript packages fix security vulnerability","details":"It was found that in ghostscript some privileged operators remained\naccessible from various places after the CVE-2019-6116 fix. A specially\ncrafted PostScript file could use this flaw in order to, for example,\nhave access to the file system outside of the constrains imposed by\n-dSAFER. Ghostscript versions before 9.28 are vulnerable. (CVE-2019-3839)\n","modified":"2026-02-04T03:13:30.070164Z","published":"2019-06-10T19:17:03Z","related":["CVE-2019-3839"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0188.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24786"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2019:1017"}],"affected":[{"package":{"name":"ghostscript","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.26-1.4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0188.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}