[SECURITY] [DLA 1598-1] ghostscript security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1598-1] ghostscript security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 28 Nov 2018 16:00:30 +0100
Message-id: <[🔎] 71068034-2f47-e334-3f69-8fcf98354993@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ghostscript
Version        : 9.06~dfsg-2+deb8u12
CVE ID         : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476
                 CVE-2018-19477

Several security vulnerabilities were discovered in Ghostscript, an
interpreter for the PostScript language, which could result in denial of
service, the creation of files or the execution of arbitrary code if a
malformed Postscript file is processed (despite the dSAFER sandbox being
enabled).

For Debian 8 "Jessie", these problems have been fixed in version
9.06~dfsg-2+deb8u12.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlv+rY5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSwPg//VDj62F0eggkiTp0wDZOGCFnTwxRa0IllF4Om3611flApCYWhf5QNyZqV
juJ6sKHSgHSZlIdOnHa1fa75ITSjQt1V/TsLfe69/Xg5QbcDPv59Nz+QtTj5Nw1O
fffy8puGCVG+/8ZejjNXLtJGEwfxfKZ+R1sn8TPI6pLE34ciW0VDTaIabE+zWCsX
0V7D4IF5YTzFJsGoHqdbd9ER0a5w65PN+GjFSNQBhy7Fr3f73uF0IMoe0HxKom4R
yFaai3OjhnKp2BFsv27aeD32OlAAqtIYf7AKxiBZkCYK42ki4glUsQe3gP3T9VLF
g39PKFdJkmgcwUH4uxvYMv7fmfHOAQ6dS22kYidQhN13I0uSJzrC65Q3YWQgIwym
Kpc/GywxCX2aYVU7kPRNMofEASx4UaN2VBoqeIDfGlI1l5esuo/rHwlMeFVXWzM+
Ngs4i8PIDZv29Rvuo1SiZW8TA0/8z3fIhI/wcVrUoiZ5v2af67aWL2AmT8cyHz3M
u1ZBGS3vRp+yDpqfdDoaYsM8mfIxglzQ36cghdYTvITYf0MJe5iMiKwwKNyQBv+V
w2w11Zxng81dcbj7dB0ZwBAmP05PtRVmSqDJp/z3b4/X8DwYEgjf1dD+ix7CeRg1
hUnADBZuKcabtAkYO/vq31cCZ72MjaKHgv13RAd3s84OumO/qIE=
=MzWf
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1597-1] gnuplot security update
Next by Date: [SECURITY] [DLA 1600-1] libarchive security update
Previous by thread: [SECURITY] [DLA 1597-1] gnuplot security update
Next by thread: [SECURITY] [DLA 1600-1] libarchive security update
Index(es):
- Date
- Thread