[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1527-1] ghostscript security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ghostscript
Version        : 9.06~dfsg-2+deb8u9
CVE ID         : CVE-2018-16543 CVE-2018-17183
Debian Bug     : 908303

Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an
interpreter for the PostScript language, which could result in denial of
service, the creation of files or the execution of arbitrary code if a
malformed Postscript file is processed (despite the dSAFER sandbox being
enabled).

In addition this update changes the device to txtwrite for the
ps2ascii tool to prevent an error due to the fix for CVE-2018-17183.

For Debian 8 "Jessie", these problems have been fixed in version
9.06~dfsg-2+deb8u9.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluwuBRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRJlw//WtDhtl0e8Os0ZWE76BoU/LfH52rrJKYdgdrRAdbacg4L9DOXybXp3A7b
dTpMiCvZbmM1mazzH1Rtm/X7+Az1gx7LLFvMzwat6c/a9dnu9ZtrOSHq0OdAFWwc
FchKHDJDtqVhGC1A5FXZjx8KbQk44S3Vr2fdFs3gbEPpXX1ZIvdAtm6+Nk1yxVoJ
2PjaeCzy7n7ex1ymTOV88v4OTvyk1z6+ugBeX56DAuoNhq79qZX6TqiNNdzO++NI
nvV4Z2SVw4DyqVhcsGHgEXUcY7SK8ihGDO3NSnOFGnMHKAvJEYzayKm1n7PNI3ot
cFtEZ4t89iQTofwR9yKCKJthdiVoCzbRMfHbPAgKfM5yd7bzH5yR0p9PfDuPRTvg
pxYDgrmTXnw0jsYPfVVQhtf4lYgZiJs7vBxYBwznuKhVnJcTpcCvxtxkLG1gl6ot
574RAuSs1CRlJ9E3q+xGyqMyyxufKy9B7Efpds4LPFsT0YjaSFE4p368DmqVTnev
m9ytxUPSeByy8YBG9IArpFWvj5cqW36H7MXmfqFUeCo4CzzPQZImj4m7K0kk9YSF
bodolCO4zn0qYlJAPSIXBCSdvuXCk+3Xp1NoBwN8MJY6Fyi+SOxE7TKRO+riLbhD
mD261MANVUkQSERLWz/DXI1GxXD56f5d/+BhxpCwd7BTSX/6Gmk=
=DxDL
-----END PGP SIGNATURE-----


Reply to: