[SECURITY] [DSA 3326-1] ghostscript security update

2015-08-0212:43:48

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Debian Security Advisory DSA-3326-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2015 https://www.debian.org/security/faq

Package : ghostscript
CVE ID : CVE-2015-3228
Debian Bug : 793489

William Robinet and Stefan Cornelius discovered an integer overflow in
Ghostscript, the GPL PostScript/PDF interpreter, which may result in
denial of service or potentially execution of arbitrary code if a
specially crafted file is opened.

For the oldstable distribution (wheezy), this problem has been fixed
in version 9.05~dfsg-6.3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 9.06~dfsg-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 9.15~dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 9.15~dfsg-1.

We recommend that you upgrade your ghostscript packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-amd64ghostscript-dbg< 9.05~dfsg-6.3+deb7u2ghostscript-dbg_9.05~dfsg-6.3+deb7u2_kfreebsd-amd64.deb
Debian8amd64ghostscript-x< 9.06~dfsg-2+deb8u1ghostscript-x_9.06~dfsg-2+deb8u1_amd64.deb
Debian7sparcghostscript-dbg< 9.05~dfsg-6.3+deb7u2ghostscript-dbg_9.05~dfsg-6.3+deb7u2_sparc.deb
Debian7s390ghostscript-x< 9.05~dfsg-6.3+deb7u2ghostscript-x_9.05~dfsg-6.3+deb7u2_s390.deb
Debian7kfreebsd-i386ghostscript-cups< 9.05~dfsg-6.3+deb7u2ghostscript-cups_9.05~dfsg-6.3+deb7u2_kfreebsd-i386.deb
Debian8powerpclibgs9< 9.06~dfsg-2+deb8u1libgs9_9.06~dfsg-2+deb8u1_powerpc.deb
Debian7kfreebsd-amd64ghostscript-cups< 9.05~dfsg-6.3+deb7u2ghostscript-cups_9.05~dfsg-6.3+deb7u2_kfreebsd-amd64.deb
Debian8mipselghostscript-x< 9.06~dfsg-2+deb8u1ghostscript-x_9.06~dfsg-2+deb8u1_mipsel.deb
Debian8s390xghostscript-dbg< 9.06~dfsg-2+deb8u1ghostscript-dbg_9.06~dfsg-2+deb8u1_s390x.deb
Debian8powerpcghostscript-dbg< 9.06~dfsg-2+deb8u1ghostscript-dbg_9.06~dfsg-2+deb8u1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-amd64	ghostscript-dbg	< 9.05~dfsg-6.3+deb7u2	ghostscript-dbg_9.05~dfsg-6.3+deb7u2_kfreebsd-amd64.deb
Debian	8	amd64	ghostscript-x	< 9.06~dfsg-2+deb8u1	ghostscript-x_9.06~dfsg-2+deb8u1_amd64.deb
Debian	7	sparc	ghostscript-dbg	< 9.05~dfsg-6.3+deb7u2	ghostscript-dbg_9.05~dfsg-6.3+deb7u2_sparc.deb
Debian	7	s390	ghostscript-x	< 9.05~dfsg-6.3+deb7u2	ghostscript-x_9.05~dfsg-6.3+deb7u2_s390.deb
Debian	7	kfreebsd-i386	ghostscript-cups	< 9.05~dfsg-6.3+deb7u2	ghostscript-cups_9.05~dfsg-6.3+deb7u2_kfreebsd-i386.deb
Debian	8	powerpc	libgs9	< 9.06~dfsg-2+deb8u1	libgs9_9.06~dfsg-2+deb8u1_powerpc.deb
Debian	7	kfreebsd-amd64	ghostscript-cups	< 9.05~dfsg-6.3+deb7u2	ghostscript-cups_9.05~dfsg-6.3+deb7u2_kfreebsd-amd64.deb
Debian	8	mipsel	ghostscript-x	< 9.06~dfsg-2+deb8u1	ghostscript-x_9.06~dfsg-2+deb8u1_mipsel.deb
Debian	8	s390x	ghostscript-dbg	< 9.06~dfsg-2+deb8u1	ghostscript-dbg_9.06~dfsg-2+deb8u1_s390x.deb
Debian	8	powerpc	ghostscript-dbg	< 9.06~dfsg-2+deb8u1	ghostscript-dbg_9.06~dfsg-2+deb8u1_powerpc.deb