Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2400.2 ghostscript security update 31 October 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ghostscript Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-8602 CVE-2016-7979 CVE-2016-7978 CVE-2016-7977 CVE-2016-7976 CVE-2013-5653 Reference: ESB-2016.2396 Original Bulletin: http://www.debian.org/security/2016/dsa-3691 Revision History: October 31 2016: Updated Packages available due to regression issue from initial release DSA-3691-1 October 13 2016: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3691-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : ghostscript Debian Bug : 840691 The update for ghostscript issued as DSA-3691-1 caused regressions for certain Postscript document viewers (evince, zathura). Updated packages are now available to address this problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed. For the stable distribution (jessie), this problem has been fixed in version 9.06~dfsg-2+deb8u4. We recommend that you upgrade your ghostscript packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJYE2K8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw NTRDQjhGMzEzNDNDRjQ0AAoJEAVMuPMTQ89ESWcP/31xgpW8BJtGnEVAA5O5cl+y ZktIhOq3fHBi2BdCAyiaTFOqdIPrKEOVcFLkc15f7zxR1ph3H/ociBW98Jy/i76F ERDhNRV/vm6KcP9d8K1trUYb0VKhMp8n6y0/7tta8ej7C+YU+aHGIvA3rlGF0v+4 IWi3xeOch2E++qAfCdcfGNMqOGzakfXlDeSw1L6S2CcXzXtGm0s6tL5L1NuHotGv RN9iTYSD4Q87+TcdxmSUXiQexIjWEPgFxsmGG8UrGjFarx43GM134zYE4hfJNQI5 JzUjnjf4fGr367RD5I/bxDIgGSndtpXoTVQ9RVV8PWkrjQ1F0NdG9XURBGFJYngF 2nkYEruaeiTvG1dfv0m0FuibHOhYmjzQD7iXiw+87S4kXhb8Swz/lxSSMtLT/1/Z qJs/1PUUJu/2839Xm52E/bu07fEmdtnNYyuffeNvojQN7jZxVu4H0STjxg5CKd/2 T8owo4XOYRXjrOP0Cn/3EpES+ptAd8xILZU7Jc9WjtE3GcyxYbPJ3dCDH8f8dVvh AygDCORPKNVt3ZkmO79M9NyQs5zgRYGzOi+lPFw6DP+uglYkmRRPzJrv8TRU7lTe CUthYn/Zsl8w5FTsybCsigXP2FFFMGZ/i8dWwn3qmD0CET3GxxkCJSyH9ymT//Mk dV3tsO9d8YmmMQ7Uwwqq =4I9u - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWBaSuox+lLeg9Ub1AQiqZA/+JNkTXToj+OIO/rdzFFXl1qjh8LwRAp4r b8srW88POyo6uBAvRDO2mN5pTuUQjYLhVycBgBE/jb7V75qDNvKGDrW8E1sj7saI Nr02EJlBMIeErbka+71hs0FEvm/XqPmnEbwJkJ1Wqa8b9C/6RKonCXMBzjKINtGq 5sYs6PoWYvHL947dL6LsKGPgCDUsqNAyuz9FMHIr4FvrVoEyAQUCIBlv7q4AhIYZ CrCYunrz9iMkIt0+y2VV6ex8SOT/En7ct7hFvJVwBQP1KpO19JmV6tZ1nYhdtyb6 gEiazFu/qbwjSvap0bF+N7Twq/YSKW5F5KnaSl2kgZgB8Mp1Nme2Vbr2lltYhxLU 4CwoVsDW6W7n5MMElDb2JoN508Hc/VvavSSIChzyg3QrYll0HmxPrsSPk8/ynNZV LFq8apOZA5dkdKuS5UxH/onJNEqdWQF8h3UsxuuZJEGv+tH/UN/z1Tb6CIHwkUpj 4Ob5JvuRSgGMw1bipMLFR2zpNwytXftF4cCDuReVumdXFfYKCUMSbbDzAZCiR3pr rfZ3mIXTKqvhGpQ5RynwkwPvwLrEvCUj9YnuC3Uohs9akEz/mhKKlk/pQTkOvRRe Q/zj7MLQP0E4Gs8a+tMlBuZAymt/1ogMO8nnV7Syuppl/APHelkIMO/WSrT+rovz NIbdqtwbYGw= =0kDV -----END PGP SIGNATURE-----