[SECURITY] [DLA 1363-1] ghostscript security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1363-1] ghostscript security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 25 Apr 2018 20:26:30 +0200
Message-id: <[🔎] 1637565a-6987-4cb3-66fb-2e35e86e3555@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ghostscript
Version        : 9.05~dfsg-6.3+deb7u8
CVE ID         : CVE-2018-10194
Debian Bug     : 896069

It was discovered that the set_text_distance function in
base/gdevpdts.c in the pdfwrite component in Ghostscript does not
prevent overflows in text-positioning calculation, which allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document.

For Debian 7 "Wheezy", these problems have been fixed in version
9.05~dfsg-6.3+deb7u8.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrgyFVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeT7Ug/+KoyMinAIXr5grwM5QeXfGAJ6Ktx29w5MDGibMT+1BGngpydKuscEofoH
o83ctcBkIU9aXxFfzDW4ZrSOGQgifl3fR5ARNWh+KqpZpeGvkGZkph/tSTd1eLYt
cVWWAiS1xQnmWYKAnDsIgcEpwOnnCxOD0QSU87td13p8c8knQ/zy7hSqs0Ol21Dd
wNcU8TrhntZN8CvFHQwSC7ZSRv/QR3nN2wC81pUPPKXQT7ZAgDfFnt/EDqUVMIob
aEH6EVkn6smN9RjU2QRbUVmMEwDB+aF/rnVb+2oA/EjYyyQiY2Q+5/RmpTnPsKa/
Lfakc41WhLBRkWwGLzYgkImeFnIYkp0ZIM6yQSnVg7B8hRsbBYTljQwLxDdVtLAP
gNwdNYYC4Or3JXvdjoGcef8Z/7Ui1glBspI9chZYmq28jqbmh1wui1FW+/dPEzUD
lz527pEA2E9Bh1snwzuTCpOwTBP9xMAiLkFiCM3PEyqFPQi5V8bl2PlNzad/hk5V
mLB0UXvRG3QOcAb/uqLuh3PxU/+r8LJ0RwL3aemSoQNG+NCz4TGmi/wjN6OuhlUi
nqPoKf/dHW7WLifWY3gdz/+RL+wesY+qw6TXJd0NY4FYeYKmasxIPKw5nMkP28T2
+HA7CX06w5IV1tQ3cYH3vooVjlW57F/nm/2EGeI++60UfV4NP8o=
=kb+M
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1362-1] gcc-4.9-backport new package
Next by Date: [SECURITY] [DLA 1364-1] openslp-dfsg security update
Previous by thread: [SECURITY] [DLA 1362-1] gcc-4.9-backport new package
Next by thread: [SECURITY] [DLA 1364-1] openslp-dfsg security update
Index(es):
- Date
- Thread