lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 27 Nov 2018 22:45:15 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4346-1] ghostscript security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4346-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 27, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service or the
execution of arbitrary code if a malformed Postscript file is processed
(despite the -dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.26
which includes additional changes.

For the stable distribution (stretch), these problems have been fixed in
version 9.26~dfsg-0+deb9u1.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlv9yK5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Sl8g/9GnHpR7PrP47xykdjn5kJnepTk3xCknUC9xSZol0MAJ+jfHf92BnxUhD2
kOQvFlFVoQGdxcoieQ8YFue+1k2MHSJyVi/oyngwRt41qxPj0Nua0UKk/eGfIlQ/
HsAWHcPgjJF1nMC84oiwFzEUPVoH+hY1yxIFATIAWFU9wdKD7IoUF4MTzbCpfuMp
nhK9eTJA0PQoHYH9c3VHSkHPtcV6nLvgR4RUC9UPkJtKKvp8zGIaXObjr9DkrlDI
pztcryAI/Hwoj99ZEpZXpuDGZArp4Ndm1FFqS0M+oPWezBFBd9Z4cWiLwjEeOtfR
nR43jcY/vElIn6qsIHQSI4RRfpu3WUCPGZDtZn17CIzIA1v0ODfKD16zIR+tau5b
j89frAABclSCFIAJn61OP8RqQE/fArG5EjL8uyEQDeiwdQh+ce717NKUX4YK9Z21
2pWSa022BxT490+pFKmKGPgdFdVEdz/uj/+qBaNKmt5YcWH3OyisyGv3Yn4QCcZf
fZAbGQ4y+4A9LbHtD5R6e6g7tipUQWyHcKxsTrD+AIfIZcKIB7BTpAJhcEZJCDk6
QX2DFA+g6AwIQqIC+/0JW5amjU0SZM1N3fVVFc9hoiOqEGtAUzjMQ9deBapkbPon
Nh7Z8HViCx6j1gfNjhPc2Wj+Fw1wkEC2fjG1Mrd00izIXtj7isI=
=xNXq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists