===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3532
                        ghostscript security update
                             12 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ghostscript
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Create Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-18284 CVE-2018-18073 CVE-2018-17961
                   CVE-2018-11645

Reference:         ESB-2018.3218
                   ESB-2018.3128
                   ESB-2018.3396

Original Bulletin:
   http://www.debian.org/security/2018/dsa-4336

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4336-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 10, 2018                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2018-11645 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284
Debian Bug     : 910678 910758 911175

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may result in denial of service,
disclosure of existence and size of arbitrary files, or the execution of
arbitrary code if a malformed Postscript file is processed (despite the
dSAFER sandbox being enabled).

This update rebases ghostscript for stretch to the upstream version 9.25
which includes additional non-security related changes.

For the stable distribution (stretch), these problems have been fixed in
version 9.25~dfsg-0+deb9u1.
We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
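Added example, not part of the Debian advisory or the AusCERT bulletin: a self-contained check of installed ghostscript versions against the fixed stretch version 9.25~dfsg-0+deb9u1, using Debian's version ordering, in which "~" sorts before everything, including the end of the string. The host names and the two other versions in INVENTORY are constructed sample data, and the function names are this example's own.

```python
FIXED = "9.25~dfsg-0+deb9u1"  # fixed version for stretch, taken from the advisory
# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {"print01": "9.20~dfsg-3.2+deb9u5", "web02": FIXED, "build03": "9.26~dfsg-0+deb9u2"}

def _split(version):
    """Return (epoch, upstream, revision) of a Debian version string."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return epoch, upstream, revision

def _order(ch):
    """Sort weight: '~' < end of string or digit < letters < other characters."""
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two version parts as alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit runs are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        # Digit runs are compared numerically; an empty run counts as 0.
        m, n = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        diff = int(a[m:i] or 0) - int(b[n:j] or 0)
        if diff:
            return diff
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    for p, q in zip(_split(v1), _split(v2)):
        diff = _cmp_part(p, q)
        if diff:
            return 1 if diff > 0 else -1
    return 0

def unpatched(inventory, fixed=FIXED):
    """Hosts whose ghostscript version sorts before the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)
```

On a Debian host, `dpkg --compare-versions` performs the same ordering; the pure-Python form is useful when auditing an exported package inventory elsewhere.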