Univention Bugzilla – Bug 48238
ghostscript: Multiple issues (4.3)
Last modified: 2019-01-03 10:37:29 CET
New Debian ghostscript 9.26~dfsg-0+deb9u1 fixes:

This update addresses the following issues:
* Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409)
* psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. (CVE-2018-19475)
* psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. (CVE-2018-19476)
* psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. (CVE-2018-19477)
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/ghostscript_9.25~dfsg-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/ghostscript_9.26~dfsg-0+deb9u1.dsc @@ -1,3 +1,13 @@ +9.26~dfsg-0+deb9u1 [Sat, 24 Nov 2018 23:32:54 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * New upstream version 9.26~dfsg + + Includes fixes for the following security vulnerabilities: + CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 + * Drop patches cherry-picked upstream now applied + * Unfuzz patch 2009. + * Update symbols: 12 private added. + 9.25~dfsg-0+deb9u1 [Thu, 08 Nov 2018 16:06:47 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.3-2/#5662133188765993357>
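Review bot: The added changelog line "Drop patches cherry-picked upstream now applied" in the 9.26~dfsg-0+deb9u1 entry does not name the patches that were dropped, so this diff alone cannot confirm that every fix previously carried as a patch in 9.25~dfsg-0+deb9u1 is contained in the new upstream version. Listing the dropped patch file names under that bullet would make the entry verifiable. The same applies to "Update symbols: 12 private added.", which gives a count but not the symbols.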
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] cf2d4f39f9 Bug #48238: ghostscript 9.26~dfsg-0+deb9u1
 doc/errata/staging/ghostscript.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<http://errata.software-univention.de/ucs/4.3/362.html>