Debian 9859 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1913-1: memcached security update

Debian GNU/Linux 9 and 10:
DSA 4518-1: ghostscript security update



DLA 1913-1: memcached security update

Package : memcached
Version : 1.4.21-1.1+deb8u3
CVE ID : CVE-2019-15026
Debian Bug : #939337

It was discovered that there was a stack-based buffer over-read
in memcached, the in-memory object caching system.

For Debian 8 "Jessie", this issue has been fixed in memcached version
1.4.21-1.1+deb8u3.

We recommend that you upgrade your memcached packages.

DSA 4518-1: ghostscript security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817

It was discovered that various procedures in Ghostscript, the GPL
PostScript/PDF interpreter, do not properly restrict privileged calls,
which could result in bypass of file system restrictions of the dSAFER
sandbox.

For the oldstable distribution (stretch), these problems have been fixed
in version 9.26a~dfsg-0+deb9u5.

For the stable distribution (buster), these problems have been fixed in
version 9.27~dfsg-2+deb10u2.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/