A ghostscript security update has been released for Debian GNU/Linux 8 Extended LTS to address a security vulnerability.
ELA-606-1 ghostscript security update
Package ghostscript
ELA-606-1 ghostscript security update
Version 9.26a~dfsg-0+deb8u9
Related CVEs CVE-2019-25059
A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged Postscript operators remained accessible from various places. For instance a specially crafted PostScript file could use this flaw in order to have access to the file system outside of the constrains imposed by -dSAFER.
For Debian 8 jessie, these problems have been fixed in version 9.26a~dfsg-0+deb8u9.
We recommend that you upgrade your ghostscript packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
