[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1880-1] ghostscript security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ghostscript
Version        : 9.26a~dfsg-0+deb8u4
CVE ID         : CVE-2019-10216
Debian Bug     : 934638

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL
PostScript/PDF interpreter, does not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For Debian 8 "Jessie", this problem has been fixed in version
9.26a~dfsg-0+deb8u4.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1SfqgACgkQnUbEiOQ2
gwIGSRAAni9loAOTP4P/H2WNbxT6EmSSCuyvOq3yb6vDHX1iUIpijT1fT1BjMwz3
gYhfHkwZXeFsX8rqPp36jJ5sWJdh689fb4AX8o9zCADwqQ9fURrHa9TYT1NctqPv
Z1KIUhiMqmb7EBDxuQjEsmaaW01p20oPeE/WxS+mx9jHRy9Zo74urugN0NtDTbl1
R5Pr4qK6S4cXNQHeom6/A2Y/xCNHAiqBB3BiFBZFOL56PSjvx15xrip3ldZeJtM8
W2zhTspWgtaz0B366f/eIMwYAgQvuT60GN8MMGaIQar+n2b+Im/HWsYMQ84/j/At
C9tGBL2e6Rs01cfHP4aedg+hbuNpJ5MTpnKTk8SAhYJMsjQ9ml6Y72UK+WqCBfhe
6Fcv98+phzsjSWJgQPX5RX1Gf5FlShYf/Rj1Up6ricKkcaUvSvSEIkoaACnfIyo9
jP918MvNBbHrsmGZ3A60V5vxanHHhMInCNll0WIcWL6Jmk0hQKKdBXCZ5jlsmlcd
cnMEnYeU0+lJDEyBpWzfwyPmKZEu+ZrL2VrvusopspWqlx+p2ofAmCB0JqBUhFRa
5+apw2Uhv/Oi5ij7FAcZ6pFduqIsmD3xBc3HmFNtqNNB9E4cRGD/wkEtHQBayZUS
Yhojwp8IcqWBp1DU8x2sS2t847SHW3PqgMexYY0DiqU6B/h1LtM=
=rLH6
-----END PGP SIGNATURE-----


Reply to: