Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2400.2
ghostscript security update
31 October 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ghostscript
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-8602 CVE-2016-7979 CVE-2016-7978
CVE-2016-7977 CVE-2016-7976 CVE-2013-5653
Reference: ESB-2016.2396
Original Bulletin:
http://www.debian.org/security/2016/dsa-3691
Revision History: October 31 2016: Updated Packages available due to regression
issue from initial release DSA-3691-1
October 13 2016: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3691-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : ghostscript
Debian Bug : 840691
The update for ghostscript issued as DSA-3691-1 caused regressions for
certain Postscript document viewers (evince, zathura). Updated packages
are now available to address this problem. For reference, the original
advisory text follows.
Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may lead to the execution of arbitrary
code or information disclosure if a specially crafted Postscript file is
processed.
For the stable distribution (jessie), this problem has been fixed in
version 9.06~dfsg-2+deb8u4.
We recommend that you upgrade your ghostscript packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYE2K8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0AAoJEAVMuPMTQ89ESWcP/31xgpW8BJtGnEVAA5O5cl+y
ZktIhOq3fHBi2BdCAyiaTFOqdIPrKEOVcFLkc15f7zxR1ph3H/ociBW98Jy/i76F
ERDhNRV/vm6KcP9d8K1trUYb0VKhMp8n6y0/7tta8ej7C+YU+aHGIvA3rlGF0v+4
IWi3xeOch2E++qAfCdcfGNMqOGzakfXlDeSw1L6S2CcXzXtGm0s6tL5L1NuHotGv
RN9iTYSD4Q87+TcdxmSUXiQexIjWEPgFxsmGG8UrGjFarx43GM134zYE4hfJNQI5
JzUjnjf4fGr367RD5I/bxDIgGSndtpXoTVQ9RVV8PWkrjQ1F0NdG9XURBGFJYngF
2nkYEruaeiTvG1dfv0m0FuibHOhYmjzQD7iXiw+87S4kXhb8Swz/lxSSMtLT/1/Z
qJs/1PUUJu/2839Xm52E/bu07fEmdtnNYyuffeNvojQN7jZxVu4H0STjxg5CKd/2
T8owo4XOYRXjrOP0Cn/3EpES+ptAd8xILZU7Jc9WjtE3GcyxYbPJ3dCDH8f8dVvh
AygDCORPKNVt3ZkmO79M9NyQs5zgRYGzOi+lPFw6DP+uglYkmRRPzJrv8TRU7lTe
CUthYn/Zsl8w5FTsybCsigXP2FFFMGZ/i8dWwn3qmD0CET3GxxkCJSyH9ymT//Mk
dV3tsO9d8YmmMQ7Uwwqq
=4I9u
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWBaSuox+lLeg9Ub1AQiqZA/+JNkTXToj+OIO/rdzFFXl1qjh8LwRAp4r
b8srW88POyo6uBAvRDO2mN5pTuUQjYLhVycBgBE/jb7V75qDNvKGDrW8E1sj7saI
Nr02EJlBMIeErbka+71hs0FEvm/XqPmnEbwJkJ1Wqa8b9C/6RKonCXMBzjKINtGq
5sYs6PoWYvHL947dL6LsKGPgCDUsqNAyuz9FMHIr4FvrVoEyAQUCIBlv7q4AhIYZ
CrCYunrz9iMkIt0+y2VV6ex8SOT/En7ct7hFvJVwBQP1KpO19JmV6tZ1nYhdtyb6
gEiazFu/qbwjSvap0bF+N7Twq/YSKW5F5KnaSl2kgZgB8Mp1Nme2Vbr2lltYhxLU
4CwoVsDW6W7n5MMElDb2JoN508Hc/VvavSSIChzyg3QrYll0HmxPrsSPk8/ynNZV
LFq8apOZA5dkdKuS5UxH/onJNEqdWQF8h3UsxuuZJEGv+tH/UN/z1Tb6CIHwkUpj
4Ob5JvuRSgGMw1bipMLFR2zpNwytXftF4cCDuReVumdXFfYKCUMSbbDzAZCiR3pr
rfZ3mIXTKqvhGpQ5RynwkwPvwLrEvCUj9YnuC3Uohs9akEz/mhKKlk/pQTkOvRRe
Q/zj7MLQP0E4Gs8a+tMlBuZAymt/1ogMO8nnV7Syuppl/APHelkIMO/WSrT+rovz
NIbdqtwbYGw=
=0kDV
-----END PGP SIGNATURE-----