Bug#839260: ghostscript: various sandbox bypasses

To: submit@bugs.debian.org
Subject: Bug#839260: ghostscript: various sandbox bypasses
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 30 Sep 2016 23:36:22 +0200
Message-id: <[🔎] 87r381ysrt.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 839260@bugs.debian.org

Package: ghostscript
Version: 9.19~dfsg-3
Tags: security
Severity: grave

Tavis Ormandy has reported several sandbox bypasses on the
oss-security mailing list.

  <http://www.openwall.com/lists/oss-security/2016/09/29/3>
    (also see follow-ups)

Filed upstream as:

  <http://bugs.ghostscript.com/show_bug.cgi?id=697169>
  <http://bugs.ghostscript.com/show_bug.cgi?id=697178>

This is a fairly important security issue because it introduces
vulnerabilities into CUPS and programs such as mail clients which use
mailcap entries and run Ghostscript indirectly.

Reply to:

Prev by Date: Bug#839245: printer-driver-escpr: no printing at maximum resolution
Previous by thread: Bug#839245: printer-driver-escpr: no printing at maximum resolution
Index(es):
- Date
- Thread