lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 29 Sep 2017 20:58:54 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3986-1] ghostscript security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3986-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 29, 2017                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2017-9611 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727
                 CVE-2017-9739 CVE-2017-9835 CVE-2017-11714
Debian Bug     : 869907 869910 869913 869915 869916 869917 869977

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service if a
specially crafted Postscript file is processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 9.06~dfsg-2+deb8u6.

For the stable distribution (stretch), these problems have been fixed in
version 9.20~dfsg-3.2+deb9u1.

We recommend that you upgrade your ghostscript packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnOs+dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S24Q//e2TcLcBkYW121CLw/VsyEihs7wdGoz8oivw1NhIki8dK4B3HVDiCbxth
7LXDLwGcJsiXea9NMZnY6ZPma0LatBAtDpH1nK7kvVAhv/y+4KuVZ2KZX88xuggk
jXPN2l5eaFZttvrFAX1JiU6qvhqg2J/WC5Fykb6hiGLpb0q/IQ8ioVsd42DgsGfT
ENISCJyFZu0tRMP7rVkeVZk36xmSKrb7Qtbin+f0rifw4KNl2JnUUKlxkmnomufr
dNWzZDUw29simL9sVo7gB0cz9XfijFh1hq4G55rBMAoeoCnLg0dvlaNbDu/968U2
CotsX2e19JvyL91iwglOfXBabpAd1mbXZCp8KNZbo6AL1hxIHTXWf5C+fJpUVYVZ
pFuVd5jZvDkZHuJV1no5V7lHO40zH5GGXgAKR67tDHmMeskfVYFYZPzgbTNH7Lrj
/wT5U13nwWSRFw7IOj0eXJc0EmM9brwto1LLtOZi5NrQyWwmMSRZ+GQywOpawz1y
RPPBLIngQ3ZRPZ58gHgyE3c1bp5Bg9BmDgxajfzy9QiejyAlSw3GudqBQNDPRklA
dSF9NBkCrwWUU9TLky9JfDVZc0Fh2sy1N4nYNBYOqn3r6/iRqzsvGpyGjU/xfSKC
uyJQDj5ym1zVnfFVJ2i2angyMYD7g7FHcw9gbJjNcSUfrfk0zjg=
=x/ao
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists