-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ghostscript Version : 9.06~dfsg-2+deb8u9 CVE ID : CVE-2018-16543 CVE-2018-17183 Debian Bug : 908303
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). In addition this update changes the device to txtwrite for the ps2ascii tool to prevent an error due to the fix for CVE-2018-17183. For Debian 8 "Jessie", these problems have been fixed in version 9.06~dfsg-2+deb8u9. We recommend that you upgrade your ghostscript packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluwuBRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRJlw//WtDhtl0e8Os0ZWE76BoU/LfH52rrJKYdgdrRAdbacg4L9DOXybXp3A7b dTpMiCvZbmM1mazzH1Rtm/X7+Az1gx7LLFvMzwat6c/a9dnu9ZtrOSHq0OdAFWwc FchKHDJDtqVhGC1A5FXZjx8KbQk44S3Vr2fdFs3gbEPpXX1ZIvdAtm6+Nk1yxVoJ 2PjaeCzy7n7ex1ymTOV88v4OTvyk1z6+ugBeX56DAuoNhq79qZX6TqiNNdzO++NI nvV4Z2SVw4DyqVhcsGHgEXUcY7SK8ihGDO3NSnOFGnMHKAvJEYzayKm1n7PNI3ot cFtEZ4t89iQTofwR9yKCKJthdiVoCzbRMfHbPAgKfM5yd7bzH5yR0p9PfDuPRTvg pxYDgrmTXnw0jsYPfVVQhtf4lYgZiJs7vBxYBwznuKhVnJcTpcCvxtxkLG1gl6ot 574RAuSs1CRlJ9E3q+xGyqMyyxufKy9B7Efpds4LPFsT0YjaSFE4p368DmqVTnev m9ytxUPSeByy8YBG9IArpFWvj5cqW36H7MXmfqFUeCo4CzzPQZImj4m7K0kk9YSF bodolCO4zn0qYlJAPSIXBCSdvuXCk+3Xp1NoBwN8MJY6Fyi+SOxE7TKRO+riLbhD mD261MANVUkQSERLWz/DXI1GxXD56f5d/+BhxpCwd7BTSX/6Gmk= =DxDL -----END PGP SIGNATURE-----
