[SECURITY] [DLA 1915-1] ghostscript security update

2019-09-0912:08:44

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.8%

JSON

Package : ghostscript
Version : 9.26a~dfsg-0+deb8u5
CVE ID : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817

It was discovered that various procedures in Ghostscript, the GPL
PostScript/PDF interpreter, do not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For Debian 8 "Jessie", these problems have been fixed in version
9.26a~dfsg-0+deb8u5.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10ppc64ellibgs9< 9.27~dfsg-2+deb10u2libgs9_9.27~dfsg-2+deb10u2_ppc64el.deb
Debian9arm64ghostscript-x< 9.26a~dfsg-0+deb9u5ghostscript-x_9.26a~dfsg-0+deb9u5_arm64.deb
Debian8i386ghostscript< 9.26a~dfsg-0+deb8u5ghostscript_9.26a~dfsg-0+deb8u5_i386.deb
Debian10armellibgs9< 9.27~dfsg-2+deb10u2libgs9_9.27~dfsg-2+deb10u2_armel.deb
Debian10i386ghostscript< 9.27~dfsg-2+deb10u2ghostscript_9.27~dfsg-2+deb10u2_i386.deb
Debian10mipslibgs9< 9.27~dfsg-2+deb10u2libgs9_9.27~dfsg-2+deb10u2_mips.deb
Debian9s390xghostscript< 9.26a~dfsg-0+deb9u5ghostscript_9.26a~dfsg-0+deb9u5_s390x.deb
Debian9armelghostscript-dbg< 9.26a~dfsg-0+deb9u5ghostscript-dbg_9.26a~dfsg-0+deb9u5_armel.deb
Debian8allghostscript< 9.26a~dfsg-0+deb8u5ghostscript_9.26a~dfsg-0+deb8u5_all.deb
Debian9mipsghostscript< 9.26a~dfsg-0+deb9u5ghostscript_9.26a~dfsg-0+deb9u5_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	ppc64el	libgs9	< 9.27~dfsg-2+deb10u2	libgs9_9.27~dfsg-2+deb10u2_ppc64el.deb
Debian	9	arm64	ghostscript-x	< 9.26a~dfsg-0+deb9u5	ghostscript-x_9.26a~dfsg-0+deb9u5_arm64.deb
Debian	8	i386	ghostscript	< 9.26a~dfsg-0+deb8u5	ghostscript_9.26a~dfsg-0+deb8u5_i386.deb
Debian	10	armel	libgs9	< 9.27~dfsg-2+deb10u2	libgs9_9.27~dfsg-2+deb10u2_armel.deb
Debian	10	i386	ghostscript	< 9.27~dfsg-2+deb10u2	ghostscript_9.27~dfsg-2+deb10u2_i386.deb
Debian	10	mips	libgs9	< 9.27~dfsg-2+deb10u2	libgs9_9.27~dfsg-2+deb10u2_mips.deb
Debian	9	s390x	ghostscript	< 9.26a~dfsg-0+deb9u5	ghostscript_9.26a~dfsg-0+deb9u5_s390x.deb
Debian	9	armel	ghostscript-dbg	< 9.26a~dfsg-0+deb9u5	ghostscript-dbg_9.26a~dfsg-0+deb9u5_armel.deb
Debian	8	all	ghostscript	< 9.26a~dfsg-0+deb8u5	ghostscript_9.26a~dfsg-0+deb8u5_all.deb
Debian	9	mips	ghostscript	< 9.26a~dfsg-0+deb9u5	ghostscript_9.26a~dfsg-0+deb9u5_mips.deb