Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2773
ghostscript security update
18 September 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ghostscript
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-16802 CVE-2018-16509
Reference: ESB-2018.2753
Original Bulletin:
http://www.debian.org/security/2018/dsa-4294
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4294-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2018 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2018-16509 CVE-2018-16802
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an
interpreter for the PostScript language, which could result in the
execution of arbitrary code if a malformed Postscript file is processed
(despite the dSAFER sandbox being enabled).
For the stable distribution (stretch), these problems have been fixed in
version 9.20~dfsg-3.2+deb9u5.
We recommend that you upgrade your ghostscript packages.
For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluewVQACgkQEMKTtsN8
TjZKVQ//RhvqG3Buk4G71ebxpuu1+B512/GVmm+G9o3kDJ1CqjgEcyQ6AeFhJ2qK
RH5Stl3MJdGzRTQZJlwm9DBJ8RgZ62KLotY7mtdCFJ9S0aGmYpVdj2s590h6I8xY
NsMfVRn1qvsr95rS7YuZSXLCcg1TGJ0ZHdev2jjeb2vIFTCFpZ4/lrb0wUh5yAyL
WJhhkmM2UlEQg5MdJzkNG6SSPIrUFzBAQDNyE/s8juCmiJuH8JgmnQcJiXdcN5xD
pnmLZdjng+q4GUWL7vV+zzsTQzvPQhQiyhdk7o6cgI/1ObxIH8fd4QY7tHLB9GUs
lmf5X9yq6u2Iul0UkNHxmAeNVQrZjTCSr46KvemQIhCWO21R3BM+vaxgjuwdxhzM
S14JuSQYjLAc/NlIeBEgDne8tP+zJssUiF2rFSb5s5ArxI0FRQrBj+1CkWCDy0ky
RRK3Em9GFm6nqRlO+nKg/kMGqV4Da8UgT/XS2qMFPX+BbYfCJLvwSkcnrcEGBzbj
Q06n/EN9ANA+yex+Au/6K2Zsw91zpdYp0UtniUdC0CIJZF3wRaAdx6kMCG7dkdKm
L3YjHCqPY26jdu05Xq187F72hss6CIfrc1yd+buVNYDm3fpyyR4j1JblCArv3/DO
0ApEDWbUU+q/pyxkOpV466YNrzbzta5BXuGZ7E6bYuXIZ++0B64=
=JHEI
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW6B+5GaOgq3Tt24GAQgO9BAAqgfaZcNdJTUZvdL0aNRj3jgDTCu1u3rK
zpRa82h1EV+beAiKNXOVrUP0GOJgNIbpCK7bZBRaGpxzo+PR8yArtGvuqAKWtaY+
QZvoCA8z9zOW8p20VK40lYGfIMWT16SYDcSW1RuBVgG5E2KadMPQhY1rRHOMAapY
P4BLPZA5ZP0vSw7IUY65w9aiTX4MhzmTYqfPsGHWUT13B3+t+PGH1n0BPpazGpz1
HXYNxT9xs4QnUwgys7S2DmTv3dEuzKAoVq0+E9shJ/A+bYUJ7GSb3jvBejbPYT7+
a3UZO9CA3Zn+Mx7CHT73csLskuBbNGRMouxz/RPf6be4+54a8Bu7Ug5UcZZHIiUC
dU3W8+HnDHR2UhIj00vjh60RHIQWgBaTkEgRVFSTygKtgXVWJiVteF1lT10gnyhW
FZ8WEGcjFPDpN+9Pjfesw9PckCZYYfIoxZH/5ZeHts6iowDfx3ukFrAdZ/mNtZof
qg3dd2RsUik7EIMyOg7L9QBz3ORX+HUq/dbhVT0bxd7upS4Gk1EPPHdhWlZCF1XD
7GhQqP8QBawA8wvSvMw+v1XARKPP81tpL49IG4KwUJF0lApp1VJqBt42AWKBvEmH
WR0qL7M5T5usXBCGAqlDpdOTZwLpPFLyNefEVvgFTs/SS2Wk8QBvRCN58CXrKpXN
P/awsdQ521Y=
=/xzU
-----END PGP SIGNATURE-----