Debian alert DLA-3965-1 (ghostscript)

From:
             
 
Adrian Bunk <bunk@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 3965-1] ghostscript security update
Date:
             
 
Sun, 24 Nov 2024 23:59:56 +0200
Message-ID:
             
 
<Z0Oh3G5KldGkNj9D@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3965-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 24, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ghostscript
Version        : 9.53.3~dfsg-7+deb11u9
CVE ID         : CVE-2024-46951 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956

Multiple vulnerabilities have been fixed in the PostScript/PDF 
interpreter Ghostscript.

CVE-2024-46951

    PS interpreter unchecked pointer

CVE-2024-46953

    output filename format string integer overflow

CVE-2024-46955

    PS interpreter out-of-bounds

CVE-2024-46956

    PS interpreter out-of-bounds

For Debian 11 bullseye, these problems have been fixed in version
9.53.3~dfsg-7+deb11u9.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmdDodwACgkQiNJCh6LY
mLHMyg//WfQCyO0IyTomS1L01dcDQojhSr1lyun7Hlsl2LXy8NdwkVW2jB0itHWy
HZZRW9Xb6JYlVRrhz720LH7nfe8Kr6bZcP1LZy2Ev5bKHsn6B6rLVHs+kqWdRIvj
hzffYkx78q7FeAyl3DZickb+dInFMz2RbkO71VTPIRGL3DPmcpcFrs/CZf+1H3zh
uMVERqlyO/EC2ORJn9yx7eg6dIa00v/VfXrFgyGb73W+ZBQ3QFD53O9lpA5JC7eE
LVUOQYKoyH357gE5vU+d9q+j3QMVNKclGONrw+EZzDb6UP887oyMjGMTZGTPEq3m
eFNjxk1Q8w7XbJWN2mZZ/6SfUDyqrNg/pP/KBSFmtvHVb1LEajOEdqU/dMThbQ0h
AY/klvXurIelJ/WkowPAX3PMPFZg2FVMf1M4iBzlnpTvpAJLc1yRMAm6kdSdzHnv
ulZ6mES1qjU0yxVUhyp3ZaEW/JIXbAG4JbUTzN+FQn7kU8PEkiC2tCgwLrfcZ0Kp
sLpqnLzOWucyLFQLUwFZD6n92py2zdd8T5iOQ/JPCoOOcojYrXvhVhcd/ikxpaC3
ChhVTn8bxVxAbykMD47iNKKG++vicAW/7vVHczOR1PolU4Zjj+HjvKZP/3N6dhhM
Y3y/6Eaut7m3yXjSnY7T30LKcwAzmfnXodGiec5p+//ReDwAZu8=
=rAZD
-----END PGP SIGNATURE-----