
[SECURITY] [DLA 1620-1] ghostscript security update

Package        : ghostscript
Version        : 9.06~dfsg-2+deb8u13
CVE ID         : CVE-2018-19134 CVE-2018-19478

Some vulnerabilities were discovered in ghostscript, an interpreter for the
PostScript language and for PDF.


CVE-2018-19134

    The setpattern operator did not properly validate certain types. A specially
    crafted PostScript document could exploit this to crash Ghostscript or,
    possibly, execute arbitrary code in the context of the Ghostscript process.
    This is a type confusion issue caused by a failure to check whether the
    Implementation of a pattern dictionary was a structure type.


CVE-2018-19478

    Attempting to open a carefully crafted PDF file results in long-running
    computation. A sufficiently bad page tree can cause Ghostscript to spend
    significant amounts of time when checking the tree for recursion.
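
A recursion check of the kind described under CVE-2018-19478, as an added illustration (not Ghostscript's code and not part of the advisory): it expands each page-tree node at most once, so the work stays linear in the number of nodes. The dict-based tree model, all names and the node budget are assumptions; the example goes slightly beyond the advisory by also rejecting shared subtrees and dangling references.

```python
# Added illustration, not Ghostscript's code. Assumed model: a dict mapping
# each object id to the list of its /Kids ids; a leaf page maps to [].

class PageTreeError(ValueError):
    """The page tree is cyclic, malformed, or larger than the budget."""


def check_page_tree(kids, root, max_nodes=100_000):
    """Count leaf pages, expanding every node at most once (linear time)."""
    on_path, done = set(), set()   # ancestors of the current node / finished
    pages = 0
    stack = [(root, False)]        # (object id, children already pushed?)
    while stack:
        node, expanded = stack.pop()
        if expanded:               # whole subtree handled: leave the path
            on_path.discard(node)
            done.add(node)
            continue
        if node in on_path:
            raise PageTreeError(f"cycle through object {node}")
        if node in done:
            raise PageTreeError(f"object {node} is referenced more than once")
        if node not in kids:
            raise PageTreeError(f"dangling reference to object {node}")
        if len(on_path) + len(done) >= max_nodes:
            raise PageTreeError("page tree exceeds node budget")
        on_path.add(node)
        stack.append((node, True))
        if not kids[node]:
            pages += 1
        stack.extend((kid, False) for kid in reversed(kids[node]))
    return pages


def verdict(kids, root, **limits):
    try:
        return check_page_tree(kids, root, **limits)
    except PageTreeError as err:
        return str(err)


# Constructed sample trees (not taken from any real PDF).
VALID = {1: [2, 3], 2: [4, 5], 3: [], 4: [], 5: []}
CYCLIC = {1: [2], 2: [3], 3: [1]}
SHARED = {1: [2, 3], 2: [4], 3: [4], 4: []}

if __name__ == "__main__":
    for name, tree in (("valid", VALID), ("cyclic", CYCLIC), ("shared", SHARED)):
        print(name, "->", verdict(tree, 1))
```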

For Debian 8 "Jessie", these problems have been fixed in version
9.06~dfsg-2+deb8u13.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
