[tex-live] Still issues with Ghostscript 9.25

Nelson H. F. Beebe beebe at math.utah.edu
Sat Sep 15 17:50:45 CEST 2018

A quick Web search turned up some recent links that discuss the
newly-discovered security holes that ghostscript 9.25 has fixed:

In the Unix world, it has sadly been several years since Adobe offered
a version of Acrobat Reader for PDF display: our Solaris SPARC version
is dated 8-Oct-2009, and our GNU/Linux x86-64 version is from

Thus, ghostscript has become the defacto tool suite for PostScript and
PDF viewing, and few TeX sites outside the Microsoft Windows world
could live without it.

Rather than disabling viewing of PostScript and PDF files, as some of
the above links suggest, we just need to inform our community of the
desirability of upgrading their ghostscript installations.

This will take time: even a Ubuntu Rolling Release (bleeding edge)
system has only ghostscript 9.23 installed; other vendors are much
further behind: CentOS 7 (the latest release from Red Hat) has version
gs 9.07. Mint Linux 19 and Debian 10 has gs 9.22.  OpenSUSE 42.3 has
gs 9.15, and OpenSUSE Tumbleweed (bleeding edge) has gs 9.23.

It is unclear whether other PDF and PostScript viewers that are not
based on either ghostscript or Adobe code have similar
vulnerabilities.  They include apvlv, evince, mupdf, qpdfview,
viewpdf, zathura, and likely several others, plus built-in PDF viewers
in recent firefox and chrome Web browsers.

