lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 28 Apr 2017 11:51:39 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3838-1] ghostscript security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3838-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 28, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207
                 CVE-2017-8291
Debian Bug     : 858350 859666 859694 859696 861295

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may lead to the execution of arbitrary
code or denial of service if a specially crafted Postscript file is
processed.

For the stable distribution (jessie), these problems have been fixed in
version 9.06~dfsg-2+deb8u5.

For the unstable distribution (sid), these problems have been fixed in
version 9.20~dfsg-3.1 or earlier versions.

We recommend that you upgrade your ghostscript packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkDK7FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Sy2A/+NRPzrRNkijdWTdHNqNT81bZ1Rodg0+gbHFlZ5z867x+A2G7qlYLfJhcS
dkdHG50ANakgqPVkjy4bdIeakFerlHmlVVGUfiVD5MGPblBKWYL1Er4wybhW2ucs
ATmOOKrxjzD8lRCwgxN2LLgdAJn0o51KZJYYxu1QQsRMlR1LqmfOJwQlhHck/9eC
WMXTojqIzamgUHOe8CInu7j7dZofHHGnjPGQqbCUBF3/2/y7IxN5JwsiSpsQTnPC
/KeRcGa2t+fILdM63cahPk+bGivECeXKql9gF8087z5iDR53+uPqubW6GF/OFEpS
2AdT05Mttx6gyiJtAgzFW6Fmv1CH1xynYnsi8e9YhRaDfW7L0/l+fHraHDNrMDnS
IqKPpVUqxjXFNWwKVU6XlP6WEaZvUacU5VUjKd+4pIBkplIx0teQ6t4QPsnMM106
FEO3ob4/2uXICWwdVK/HGAA083boSdpJ1fij9lR1AXflvth2gv5vIfIqHTgeA+uU
MyK5O0hKpKaWYRW5eIUtLA3/woPnXI75LSZemYSw4hrauPGoVWgs0gPtxpPhCLZM
SW3sP+jRY7LCoAG/uvW+CRnBhcbkjbMZUK9PfpCE+Fgae/T1kxkNtUXEVjoho7vx
PAWRr5RaLFusbPlExP34C9mRnbBM3VPUJcTJn8hguKz2tjmkCfY=
=usrs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ