It was found that the fix for CVE-2018-16509 provided in Red Hat Enterprise Linux 7 was not sufficient.
The full fix for CVE-2018-16509 (bug 1619748) consists of the following 4 upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519 The RHSA-2018:2918 erratum for Red Hat Enterprise Linux 7 only included the first 2 fixes, and hence failed to fix CVE-2018-16509 completely.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3761 https://access.redhat.com/errata/RHSA-2018:3761
Statement: This vulnerability affects only Red Hat Enterprise Linux version 7. Red Hat Enterprise Linux version 6 is not affected by this vulnerability because the set of fixes for CVE-2018-16509, released via RHSA-2018:3760, was complete.