Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2753 ghostscript security update 14 September 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ghostscript Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Delete Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-16802 CVE-2018-16585 CVE-2018-16542 CVE-2018-16541 CVE-2018-16540 CVE-2018-16539 CVE-2018-16513 CVE-2018-16511 CVE-2018-16509 CVE-2018-15911 CVE-2018-15910 CVE-2018-15909 CVE-2018-15908 CVE-2018-11645 Reference: ESB-2018.2684 ESB-2018.0393 Original Bulletin: https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ghostscript Version : 9.06~dfsg-2+deb8u8 CVE ID : CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16585 CVE-2018-16802 Debian Bug : 907332 908305 907703 Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). For Debian 8 "Jessie", these problems have been fixed in version 9.06~dfsg-2+deb8u8. We recommend that you upgrade your ghostscript packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluaVq5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRjvQ//e4fGGBFvqsvF5B11yW90HuU5piPErwYuIn36tTHF1SqinjXwqX1AIgnH 1swYqbZ6+/S58iXlC3xUwKB5Hh2TE3NTLKO1qkq1/9Qrco7EV2IF80VfVlBfBNPy ODKZ5YRn9PPSSYOuRrU0ElJqqhBrekwRf1vjN4Dc2ow6AaUQijeBSa038r4Yz+fj mugoK3qwvV3Fgvx38lPbYbX30mKEN73hSnsHYek7ML/41dk1xWkiFSv5+GfFYimF 40EBxB5ymPN9wGNNkC0FamsnTHgmj4wtuKmtPB0/xZElzjKEJfviDJgXr1Il3bQe +gK0FASQ9tJoRkiSBoFSXaFzX6Et87TjWzP2LaotTYVCkMIPdWIt2V7Hh+PULYJ5 lNjKpNkyYhXQJU+e8zJyotlxolZz4gtB+OqQqP7U7dp2c/V3ZTJoKyPP+mAHTFfN vu8q1SWGmpu8i+mPOqWIT/ANQK/p2fiAYkXNL60p7csmogUuopd6X/a/q85+sLuX ulV1PNBNzkE9OFgOrnWnrh153vxcydbEuk7vQxvYfNO+5bWziKpOo2WYTasWukCV XHy9NyNrhxNz0zXK8jWsSUUMIs//hVOx5wfUMvxeywL51aWZhqBRKV6tdIHOraBC iTbp3JW1mFIPpe/7b1xSmLHkHBj00lMBQI8Iyd0pbDjtf57R9Y0= =HZum - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW5tDHWaOgq3Tt24GAQgZ5BAApNHDuGBM6lvVAya473fQNfaupTgMPNzN HW9YwpH3cD2nS5EwYXaSYMXezaCvCgrmgn88ilj8MsdEdfrTTTyNVrwjvTgx0zhI 55GYlUrNoZj+LzeC4Klbrd+Wvtofav6CGQAS2ex4l9LqP4fYWgyJoTKVLxBKBEDY MGA/N1/OyxgB/vAcezchXFRmm11eN9GTRLezuNxpxdaV35qgv5c89bk0GWFQJfCl j8Jq2HIN1CawyGqrjy63/sroH7wpFnlblPvJo/n4PxUdHI3983nXutQAQfQTQ6iY frHs2Aeen1N4FlVbhoPiuS3K6TJN5jBT1hu11wdgTH6kvXQ8BBUc48TDoJr1ZbU9 +CSOBJtqRoYRFwA9PNYPgEkN8j6pFz5TaB70BE7+o26NXjMHs/yEPnzVja8EZjAQ Qmrbue5peJG0rggbkIwg+ekwM1QDNkfwtpuNVc9DO+BgSAR3O94cA9y9e3mijQ7e AYhuTwljNNYWMGu63vhdkTRlEYzh96aXTmNMbWlVNibAkHjj9HNms2sHynI6mS/9 w9zwDOi4FWjf1Sb1c6TpLs13giHLS1widX5vnB87z9Y/79qcbkWCqbKsX71cZYew QyERLiiScV8YL5sp3dCCYPxoGf+cMuPW8WrkBMCvd5sYKNh2tCE8qJDP5zw/+aBs yJaYDuHUNh4= =KTLS -----END PGP SIGNATURE-----