[SECURITY] [DLA 905-1] ghostscript security update

2017-04-20T13:44:59
ID DEBIAN:DLA-905-1:29822
Type debian
Reporter Debian
Modified 2017-04-20T13:44:59

Description

Package : ghostscript Version : 9.05~dfsg-6.3+deb7u5 CVE ID : CVE-2016-10219 CVE-2016-10220 CVE-2017-5951

ghostscript is vulnerable to multiple issues that can lead to denial of service when processing untrusted content.

CVE-2016-10219

Application crash with division by 0 in scan conversion code triggered
through crafted content.

CVE-2016-10220

Application crash with a segfault in gx_device_finalize() triggered
through crafted content.

CVE-2017-5951

Application crash with a segfault in ref_stack_index() triggered
through crafted content.

For Debian 7 "Wheezy", these problems have been fixed in version 9.05~dfsg-6.3+deb7u5.

We recommend that you upgrade your ghostscript packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

-- Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/