-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1657.2
                        ghostscript security update
                                14 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ghostscript
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3839  

Reference:         ESB-2019.1657
                   ESB-2019.1620
                   ESB-2019.1607
                   ESB-2019.1592

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4442
   https://lists.debian.org/debian-security-announce/2019/msg00087.html

Revision History:  May 14 2019: Added DSA-4442-2
                   May 13 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4442-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2019                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2019-3839

A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF
interpreter, which may result in denial of service or the execution of
arbitrary code if a malformed PostScript file is processed (despite
the -dSAFER sandbox being enabled).

For the stable distribution (stretch), this problem has been fixed in
version 9.26a~dfsg-0+deb9u3.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- ---------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4442-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 13, 2019                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : cups-filters
Debian Bug     : 926576 928936 928952

The update for ghostscript released as DSA 4442-1 uncovered an issue in
cups-filters which was using the undocumented Ghostscript internal
"pdfdict" now hidden in the ghostscript update. Updated cups-filters
packages are now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 1.11.6-3+deb9u1.

We recommend that you upgrade your cups-filters packages.

For the detailed security status of cups-filters please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/cups-filters

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----