Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3095 [SECURITY] [DLA 1880-1] ghostscript security update 14 August 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ghostscript Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-10216 Reference: ESB-2019.3080 ESB-2019.3072 ESB-2019.3071 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/08/msg00012.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ghostscript Version : 9.26a~dfsg-0+deb8u4 CVE ID : CVE-2019-10216 Debian Bug : 934638 Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. For Debian 8 "Jessie", this problem has been fixed in version 9.26a~dfsg-0+deb8u4. We recommend that you upgrade your ghostscript packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1SfqgACgkQnUbEiOQ2 gwIGSRAAni9loAOTP4P/H2WNbxT6EmSSCuyvOq3yb6vDHX1iUIpijT1fT1BjMwz3 gYhfHkwZXeFsX8rqPp36jJ5sWJdh689fb4AX8o9zCADwqQ9fURrHa9TYT1NctqPv Z1KIUhiMqmb7EBDxuQjEsmaaW01p20oPeE/WxS+mx9jHRy9Zo74urugN0NtDTbl1 R5Pr4qK6S4cXNQHeom6/A2Y/xCNHAiqBB3BiFBZFOL56PSjvx15xrip3ldZeJtM8 W2zhTspWgtaz0B366f/eIMwYAgQvuT60GN8MMGaIQar+n2b+Im/HWsYMQ84/j/At C9tGBL2e6Rs01cfHP4aedg+hbuNpJ5MTpnKTk8SAhYJMsjQ9ml6Y72UK+WqCBfhe 6Fcv98+phzsjSWJgQPX5RX1Gf5FlShYf/Rj1Up6ricKkcaUvSvSEIkoaACnfIyo9 jP918MvNBbHrsmGZ3A60V5vxanHHhMInCNll0WIcWL6Jmk0hQKKdBXCZ5jlsmlcd cnMEnYeU0+lJDEyBpWzfwyPmKZEu+ZrL2VrvusopspWqlx+p2ofAmCB0JqBUhFRa 5+apw2Uhv/Oi5ij7FAcZ6pFduqIsmD3xBc3HmFNtqNNB9E4cRGD/wkEtHQBayZUS Yhojwp8IcqWBp1DU8x2sS2t847SHW3PqgMexYY0DiqU6B/h1LtM= =rLH6 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXVNaX2aOgq3Tt24GAQgw3A//UH6FVXdrwJ8YfDzNy7YdnLF55qFhT22a I9+kCi6oFLzQx9C3HIxqFOJ7KVSz/NDZojc33EaXfpckOx7qbjX2h35Fl11xqKFr hUCOn2n28dpuahQv7RWPBpjM1JWln+Vs1PBlLFuuskkwtkcJTRsGWtOvwziejyO4 FibDPEI3yzyoev/E2TYZu8f4Pf3Chye4gTFKjs9R4vvqPDLFXZ35lbAmuEdOsY3h omHYUqf0fiVjaEFAZftb1wr5oeWDP3ny7bxzJe7srsKDcqNlymZF/48T3SZpqwi1 oZUzo3uijzkQ2iXlH8n32nRgSxIHW4QK2ZAM2AOo1pJUYqcKTiQKX4QHxWubtmJ4 2eDEmpFhrYPjB0I1qzwxCWM5fCHTrcN0R/sQnzAVxbUwHWLPFuP7PcsMbWoT/djf krjRB1Kc4iHiwT9vIqbF9kiiTiDvglwiHmKNEVCJ+QqDeno03IqhMFN5MkgzBgnj B+mo/zs4dgvD9qbz0FpEMPZ1NgbK0DewQMRvv25citdXHCCl2PPjdSNai1qTgn0Q P44z/g5sV39efV4YK8nnRnmVNE/TlZY7cN2/uyLQUqVTZTYzqHMpyTtyQHAmxX/H 7N00gKeYLgxAHw3XoMMVTrCbo/Q1X2L8UdtdbCfvXL3Yae99XNph4NT0WS1iQgon ZYPRoS+Dy0A= =pbNB -----END PGP SIGNATURE-----