[SECURITY] [DLA 1761-1] ghostscript security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1761-1] ghostscript security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 23 Apr 2019 13:56:16 +0200
Message-id: <[🔎] 20190423115616.i7nu7smczkwcame3@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ghostscript
Version        : 9.26a~dfsg-0+deb8u2
CVE ID         : CVE-2019-3835 CVE-2019-3838
Debian Bug     : 925256 925257

Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in bypass of file system
restrictions of the dSAFER sandbox.

For Debian 8 "Jessie", these problems have been fixed in version
9.26a~dfsg-0+deb8u2.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAly+/PsACgkQj/HLbo2J
BZ/tewgAoNoQW58dj7dRrmtmuKklwTZ+kQcsTsjrJ3zM5TB+lVM3YyCbBlEOoIg5
/tpDtDPHItkBTPIQAav7n8JaSp2+A61j/VKQ4M21Er7YxsRrM6oHLTTeWXr0+AXR
OHs7Ywa6W/ys2tl5DNvvFkoC8qriNGdZigm0b/qLOUErlFEEYwb0EXJpaOXjhuIW
t67Gqs9wY+eM1+AOhXsW9vfy0ICkmkc/584D1D2XOQfs6JoWiwmL8DErTNZhUd3P
+XXKpz0luDt8O/RQ7QtCU73nENtp5bgo7mx1ojWMDxX4Oxb0X4+CXsPzyQ53FXma
tj+wyIt7viWK3SfL1iJaUNcSXKPbjw==
=wRFI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1760-1] wget security update
Next by Date: [SECURITY] [DLA 1762-1] systemd security update
Previous by thread: [SECURITY] [DLA 1760-1] wget security update
Next by thread: [SECURITY] [DLA 1762-1] systemd security update
Index(es):
- Date
- Thread