Univention Bugzilla – Bug 48041
ghostscript: Multiple issues (4.2)
Last modified: 2018-10-24 17:51:27 CEST
New Debian ghostscript 9.06~dfsg-2+deb8u11 fixes: This update addresses the following issues: * Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. (CVE-2018-17961) * Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. (CVE-2018-18073) * Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. (CVE-2018-18284)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/ghostscript_9.06~dfsg-2+deb8u10.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/ghostscript_9.06~dfsg-2+deb8u11.dsc @@ -1,3 +1,15 @@ +9.06~dfsg-2+deb8u11 [Mon, 22 Oct 2018 12:50:48 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-17961, CVE-2018-18073 and CVE-2018-18284: + This is a follow-up update for the recently discovered -dSAFER issues + reported by Tavis Ormandy. + Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an + interpreter for the PostScript language, which could result in denial of + service, the creation of files or the execution of arbitrary code if a + malformed Postscript file is processed (despite the dSAFER sandbox being + enabled). + 9.06~dfsg-2+deb8u10 [Mon, 01 Oct 2018 12:20:22 +0200] Markus Koschany <apo@debian.org>: * Berkeley Roshan Churchill reported a regression caused by an incomplete fix <http://10.200.17.11/4.2-5/#2329732037940501230>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 19bbe5635b Bug #48041: ghostscript 9.06~dfsg-2+deb8u11 doc/errata/staging/ghostscript.yaml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) [4.2-5] 8d6e79589d Bug #48041: ghostscript 9.06~dfsg-2+deb8u11 doc/errata/staging/ghostscript.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<http://errata.software-univention.de/ucs/4.2/534.html>