ELA-606-1 ghostscript security update

restriction bypass

2022-05-09
Packageghostscript
Version9.26a~dfsg-0+deb8u9
Related CVEs CVE-2019-25059

A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged Postscript operators remained accessible from various places. For instance a specially crafted PostScript file could use this flaw in order to have access to the file system outside of the constrains imposed by -dSAFER.

For Debian 8 jessie, these problems have been fixed in version 9.26a~dfsg-0+deb8u9.

We recommend that you upgrade your ghostscript packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/