[SECURITY] [DLA 1880-1] ghostscript security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1880-1] ghostscript security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 13 Aug 2019 11:11:04 +0200
Message-id: <[🔎] 59f5d37c-c503-2d54-6604-4ce552debff9@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ghostscript
Version        : 9.26a~dfsg-0+deb8u4
CVE ID         : CVE-2019-10216
Debian Bug     : 934638

Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL
PostScript/PDF interpreter, does not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For Debian 8 "Jessie", this problem has been fixed in version
9.26a~dfsg-0+deb8u4.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1SfqgACgkQnUbEiOQ2
gwIGSRAAni9loAOTP4P/H2WNbxT6EmSSCuyvOq3yb6vDHX1iUIpijT1fT1BjMwz3
gYhfHkwZXeFsX8rqPp36jJ5sWJdh689fb4AX8o9zCADwqQ9fURrHa9TYT1NctqPv
Z1KIUhiMqmb7EBDxuQjEsmaaW01p20oPeE/WxS+mx9jHRy9Zo74urugN0NtDTbl1
R5Pr4qK6S4cXNQHeom6/A2Y/xCNHAiqBB3BiFBZFOL56PSjvx15xrip3ldZeJtM8
W2zhTspWgtaz0B366f/eIMwYAgQvuT60GN8MMGaIQar+n2b+Im/HWsYMQ84/j/At
C9tGBL2e6Rs01cfHP4aedg+hbuNpJ5MTpnKTk8SAhYJMsjQ9ml6Y72UK+WqCBfhe
6Fcv98+phzsjSWJgQPX5RX1Gf5FlShYf/Rj1Up6ricKkcaUvSvSEIkoaACnfIyo9
jP918MvNBbHrsmGZ3A60V5vxanHHhMInCNll0WIcWL6Jmk0hQKKdBXCZ5jlsmlcd
cnMEnYeU0+lJDEyBpWzfwyPmKZEu+ZrL2VrvusopspWqlx+p2ofAmCB0JqBUhFRa
5+apw2Uhv/Oi5ij7FAcZ6pFduqIsmD3xBc3HmFNtqNNB9E4cRGD/wkEtHQBayZUS
Yhojwp8IcqWBp1DU8x2sS2t847SHW3PqgMexYY0DiqU6B/h1LtM=
=rLH6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1879-1] jackson-databind security update
Next by Date: [SECURITY] [DLA 1881-1] evince security update
Previous by thread: [SECURITY] [DLA 1879-1] jackson-databind security update
Next by thread: [SECURITY] [DLA 1881-1] evince security update
Index(es):
- Date
- Thread