===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.1657.2
ghostscript security update
14 May 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ghostscript
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3839

Reference:         ESB-2019.1657
                   ESB-2019.1620
                   ESB-2019.1607
                   ESB-2019.1592

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4442
   https://lists.debian.org/debian-security-announce/2019/msg00087.html

Revision History:  May 14 2019: Added DSA-4442-2
                   May 13 2019: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4442-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2019                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2019-3839

A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF
interpreter, which may result in denial of service or the execution of
arbitrary code if a malformed Postscript file is processed (despite the
-dSAFER sandbox being enabled).

For the stable distribution (stretch), this problem has been fixed in
version 9.26a~dfsg-0+deb9u3.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-4442-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 13, 2019                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cups-filters
Debian Bug     : 926576 928936 928952

The update for ghostscript released as DSA 4442-1 uncovered an issue in
cups-filters which was using the undocumented Ghostscript internal
"pdfdict" now hidden in the ghostscript update. Updated cups-filters
packages are now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 1.11.6-3+deb9u1.

We recommend that you upgrade your cups-filters packages.

For the detailed security status of cups-filters please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/cups-filters

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
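An added example, not part of the AusCERT bulletin or the Debian advisories: checking an inventory of installed package versions against the two fixed versions stated above, using a re-implementation of dpkg's version ordering (epoch, `~` sorting before everything, numeric digit runs) so the check can run away from the host. The host names, the installed versions in `INVENTORY` and all function names are assumptions made for illustration.

```python
FIXED = {"ghostscript": "9.26a~dfsg-0+deb9u3",  # DSA-4442-1, stretch
         "cups-filters": "1.11.6-3+deb9u1"}     # DSA-4442-2, stretch
DIGITS = "0123456789"

def _order(c):
    # dpkg weights: '~' < end-of-string or digit < letters < other symbols
    if c == "" or c in DIGITS:
        return 0
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character with dpkg weights.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so leading zeros do not matter.
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    head, sep, tail = version.partition(":")
    epoch, rest = (head, tail) if sep else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare(a, b):  # <0 if a is older than b, 0 if equal, >0 if newer
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Rows (host, package, version) older than the advisory's fixed version."""
    return [r for r in inventory if r[1] in FIXED and compare(r[2], FIXED[r[1]]) < 0]

# Constructed sample inventory: host names and installed versions are made up.
INVENTORY = [("print01", "ghostscript", "9.26a~dfsg-0+deb9u2"),
             ("print01", "cups-filters", "1.11.6-3"),
             ("web02", "ghostscript", "9.26a~dfsg-0+deb9u3")]
```

On a Debian host itself, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.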