important: ghostscript/thunderbird security update
An update for ghostscript/thunderbird is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
ghostscript: This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description languages. Its primary purpose includes displaying (rasterization & rendering) and printing of document pages, as well as conversions between different document formats.
thunderbird: Mozilla Thunderbird is a standalone mail and newsgroup client.
ghostscript: A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.(CVE-2019-14869)
thunderbird: No description is available for this CVE.(CVE-2019-17010)
thunderbird: No description is available for this CVE.(CVE-2019-17011)
thunderbird: No description is available for this CVE.(CVE-2019-17012)
thunderbird: No description is available for this CVE.(CVE-2019-17008)
thunderbird: No description is available for this CVE.(CVE-2019-17005)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Remember the build tag is 5.04.F21.