Univention Bugzilla – Bug 48406
ghostscript: Multiple issues (4.2)
Last modified: 2019-01-09 14:16:43 CET
New Debian ghostscript 9.06~dfsg-2+deb8u13 fixes: This update addresses the following issues: * Type confusion in setpattern (700141) (CVE-2018-19134) * Attempting to open a carefully crafted PDF file results in long-running computation (699856) (CVE-2018-19478)
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/ghostscript_9.06~dfsg-2+deb8u12.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/ghostscript_9.06~dfsg-2+deb8u13.dsc @@ -1,3 +1,14 @@ +9.06~dfsg-2+deb8u13 [Thu, 27 Dec 2018 13:26:27 +0000] Lucas Kanashiro <kanashiro@debian.org>: + + * Non-maintainer upload by the Debian LTS team. + * Fix CVE-2018-19134: the setpattern operator did not properly validate certain + types. A specially crafted PostScript document could exploit this to crash + Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript + process. This is a type confusion issue because of failure to check whether the + Implementation of a pattern dictionary was a structure type. + * Fix CVE-2018-19478: Attempting to open a carefully crafted PDF file results in + long-running computation. + 9.06~dfsg-2+deb8u12 [Wed, 28 Nov 2018 14:41:28 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://10.200.17.11/4.2-5/#2329732037938336180>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 23c1a6cc41 Bug #48406: ghostscript 9.06~dfsg-2+deb8u13 doc/errata/staging/ghostscript.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.2-5] 1096c98604 Bug #48406: ghostscript 9.06~dfsg-2+deb8u13 doc/errata/staging/ghostscript.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.2/568.html>