it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5446-1] ghostscript security update
- Date: Mon, 03 Jul 2023 20:10:41 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1qGPsf-004PY9-Jp AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=1kYT//V/RVQznLHssRf2vaAIOVV2rfKi91+mu40S9LQ=; b=vJ iJyewxO4/L+n/AKYFTRXqJ4DGmQG3zX/2L+VaXvdKuS4Fkf3lU/NDaXB3m0RnB+COootvcpx2oRSv e7U/4HtZ8AUBCkyIRoCe6CeY/0JubxRVQdaNEt5TYph2ZtOdUK/WhqVuOkA6IASNk+V5yWlCwy/cr NE6yollZ5f/j21ZQ3F4C5qUNQ4kUxNPoIRNECSf7DA/vgKekJIUEi4zgUT1fK1HDU+WBUlf6aYWdV 15jMumQl1sQ4ZEJnOSUwDplZIm7MY4WfiN/bt3j80alP507simMjYKaaWt0yanAD/oC/euDw3QvWd Kvy5+AymE6xWd3/174QaiLoK/KCIz/hA==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 3 Jul 2023 20:11:06 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <CrCeUmn887N.A.zfE.atyokB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5446-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 03, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2023-36664
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,
does not properly handle permission validation for pipe devices, which
could result in the execution of arbitrary commands if malformed
document files are processed.
For the oldstable distribution (bullseye), this problem has been fixed
in version 9.53.3~dfsg-7+deb11u5.
For the stable distribution (bookworm), this problem has been fixed in
version 10.0.0~dfsg-11+deb12u1.
We recommend that you upgrade your ghostscript packages.
For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSjKvpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T5lBAAivkfCmcEfUUjFaT3xhCMNFX5bCHJalKiZ0YpLfLOq6zhveOUoemlI6Va
lXRmV3kOz7ZdgghXkQ+TxrdcK0GmKy/Mb5Osi4oWU9KcID8Qa/Gu0aEGuz0YCCik
yGcaUMlkaZZRtnse5lPOf27avgBDZEkw5vwSXlCEdgleOY/fpX13sKdOrUB5H4Ma
79T5RqcLIxMQn/L2YChfjz+3iuY5rfgY50d00g+1r+xomALzQBqYpMFB2iM52gwo
BTOQ9nVr2+fuQdfE71ZVHjqOn+xVhJhhKp7fG/uzPz021L1Jec0xvjxh3WGEPfc8
kF6sShnoze06l9LfyyVsH629+G0zxcvaK2chku5iJU1zzUh5NQiCMbo6Tdp1c8Ox
IuuPwdVIRJbMqCDPvz+UJ/KxbnAhN77f/3eb98wTdPWHdW6t5LPdngDxXimHg6RX
i2eANVjFOp6XZZ6iju9TvsxPq/MMiBlbD5KPnUK8n6sl8O1b7lHZgy7KU2qFIqWc
s482gsrf9ZIMMR4PgNJjp3YQDXjkME/AgUwWKpEx91MKSyc1ygfZYJr7WRnwg81d
gTX7hx/GW9fcwprTcGn2H3FmJsnuIYz9wsgLp5x6/WWB1tF7ZGzhYHNgK0QphejD
DGTDUTqRcYsiVTkfutBJw2OzDVoIQyrUn78y9Ux1aueF1NM1fMQ=
=bsYs
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5446-1] ghostscript security update, Salvatore Bonaccorso, 03.07.2023
Archiv bereitgestellt durch MHonArc 2.6.24.