[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1915-1] ghostscript security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ghostscript
Version        : 9.26a~dfsg-0+deb8u5
CVE ID         : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817

It was discovered that various procedures in Ghostscript, the GPL
PostScript/PDF interpreter, do not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For Debian 8 "Jessie", these problems have been fixed in version
9.26a~dfsg-0+deb8u5.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl12QMkACgkQnUbEiOQ2
gwKtTA//To066bQhVLMikxgvAhfpAdp078bGmuUHli+9u9uKoUHQb/IlO5BoOWvx
Y5KdZvmhDYNLYhTAMdG5UQ1Phdfhod3ry893YvfDboRuhd5dcjry336sFwhHFVDx
e62SWPisyfEh2DxNGU5WWXGO6I6I6jb+uqJPc0bC5TzI7hsl0cSEjfWqugyTbSpr
TwLaAxcV1AMpazZVcIYwT7WsyeNJ9L9AzO1KwDw0flafbcJfj2eriQEMwO4DQf5n
X77B/BJYdWPE+g2rfJxmfWN8jSQ9QLA0pl3CtmmUTLnpVMbtm8JkpTuoWJ0AJAsA
1EJmU4s8R9+VFwIRJtTETnQmOo3R2PjDGlZf+T+rUx1yuFKDTgYLSs3vO1a28g0w
bRR+yYV4XGIQUMGlL/tctyAw3khdQSMv7zur0cAkTUPniqnqq5A3fmpLoo5D4E5k
WZCuJK23kfBgwfwqKSvlAGRMCDIJr6I4r/m5i/6dZXoStfb9AvA3od6MertRf4Bd
MoWG88DW61CivNlaFpuIjuHVQyvNAL86fl4lHSGlPZrNFXpGH/C/uSSvQKSIr7qn
RMYayZvp0PiW4moal431D5UfmajoY8hJRfaO50fcOJEWQfZ1ojlFpMspUcid5X4H
HIJEBbNjtXiXisjNZzVjKfNdRlFvnq64lZrChH9lsGrx9UddCGc=
=XGr0
-----END PGP SIGNATURE-----


Reply to: