Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3095
[SECURITY] [DLA 1880-1] ghostscript security update
14 August 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ghostscript
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-10216
Reference: ESB-2019.3080
ESB-2019.3072
ESB-2019.3071
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2019/08/msg00012.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : ghostscript
Version : 9.26a~dfsg-0+deb8u4
CVE ID : CVE-2019-10216
Debian Bug : 934638
Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL
PostScript/PDF interpreter, does not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.
For Debian 8 "Jessie", this problem has been fixed in version
9.26a~dfsg-0+deb8u4.
We recommend that you upgrade your ghostscript packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1SfqgACgkQnUbEiOQ2
gwIGSRAAni9loAOTP4P/H2WNbxT6EmSSCuyvOq3yb6vDHX1iUIpijT1fT1BjMwz3
gYhfHkwZXeFsX8rqPp36jJ5sWJdh689fb4AX8o9zCADwqQ9fURrHa9TYT1NctqPv
Z1KIUhiMqmb7EBDxuQjEsmaaW01p20oPeE/WxS+mx9jHRy9Zo74urugN0NtDTbl1
R5Pr4qK6S4cXNQHeom6/A2Y/xCNHAiqBB3BiFBZFOL56PSjvx15xrip3ldZeJtM8
W2zhTspWgtaz0B366f/eIMwYAgQvuT60GN8MMGaIQar+n2b+Im/HWsYMQ84/j/At
C9tGBL2e6Rs01cfHP4aedg+hbuNpJ5MTpnKTk8SAhYJMsjQ9ml6Y72UK+WqCBfhe
6Fcv98+phzsjSWJgQPX5RX1Gf5FlShYf/Rj1Up6ricKkcaUvSvSEIkoaACnfIyo9
jP918MvNBbHrsmGZ3A60V5vxanHHhMInCNll0WIcWL6Jmk0hQKKdBXCZ5jlsmlcd
cnMEnYeU0+lJDEyBpWzfwyPmKZEu+ZrL2VrvusopspWqlx+p2ofAmCB0JqBUhFRa
5+apw2Uhv/Oi5ij7FAcZ6pFduqIsmD3xBc3HmFNtqNNB9E4cRGD/wkEtHQBayZUS
Yhojwp8IcqWBp1DU8x2sS2t847SHW3PqgMexYY0DiqU6B/h1LtM=
=rLH6
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXVNaX2aOgq3Tt24GAQgw3A//UH6FVXdrwJ8YfDzNy7YdnLF55qFhT22a
I9+kCi6oFLzQx9C3HIxqFOJ7KVSz/NDZojc33EaXfpckOx7qbjX2h35Fl11xqKFr
hUCOn2n28dpuahQv7RWPBpjM1JWln+Vs1PBlLFuuskkwtkcJTRsGWtOvwziejyO4
FibDPEI3yzyoev/E2TYZu8f4Pf3Chye4gTFKjs9R4vvqPDLFXZ35lbAmuEdOsY3h
omHYUqf0fiVjaEFAZftb1wr5oeWDP3ny7bxzJe7srsKDcqNlymZF/48T3SZpqwi1
oZUzo3uijzkQ2iXlH8n32nRgSxIHW4QK2ZAM2AOo1pJUYqcKTiQKX4QHxWubtmJ4
2eDEmpFhrYPjB0I1qzwxCWM5fCHTrcN0R/sQnzAVxbUwHWLPFuP7PcsMbWoT/djf
krjRB1Kc4iHiwT9vIqbF9kiiTiDvglwiHmKNEVCJ+QqDeno03IqhMFN5MkgzBgnj
B+mo/zs4dgvD9qbz0FpEMPZ1NgbK0DewQMRvv25citdXHCCl2PPjdSNai1qTgn0Q
P44z/g5sV39efV4YK8nnRnmVNE/TlZY7cN2/uyLQUqVTZTYzqHMpyTtyQHAmxX/H
7N00gKeYLgxAHw3XoMMVTrCbo/Q1X2L8UdtdbCfvXL3Yae99XNph4NT0WS1iQgon
ZYPRoS+Dy0A=
=pbNB
-----END PGP SIGNATURE-----