Package name
gv
Date
2006-12-04
Advisory ID
MDKSA-2006:214-1
Affected versions
CS4.0 x86_64, 2006.0 i586, 2007.0 x86_64, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2006.0 x86_64

Problem description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted attackers
to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the
DocumentMedia header.

Packages have been patched to correct this issue.

Update:

The patch used in the previous update still left the possibility of
causing X to consume unusual amounts of memory if gv is used to view a
carefully crafted image designed to exploit CVE-2006-5864. This update
uses an improved patch to address this issue.
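
The overflow described above is triggered by over-long header comments such as DocumentMedia. As an added example (not part of the advisory and not gv's code), the following triage check flags PostScript files whose DSC comment lines exceed the 255-character line limit of the DSC specification; the function name, the choice of that limit as a threshold, and the sample inputs are assumptions made for illustration.

```python
import re

# Assumption: use the DSC 3.0 line limit (255 characters, excluding the
# line terminator) as the threshold for "suspiciously long".
DSC_MAX_LINE = 255
# DSC comments look like "%%Keyword: value"; "%%+" marks a continuation line.
DSC_COMMENT = re.compile(rb"^%%([A-Za-z+]+):?")


def scan_dsc_comments(data: bytes, limit: int = DSC_MAX_LINE):
    """Return (line_no, keyword, length) for each DSC comment longer than limit."""
    findings = []
    # PostScript accepts CR, LF or CRLF as line endings.
    for line_no, line in enumerate(re.split(rb"\r\n|\r|\n", data), start=1):
        m = DSC_COMMENT.match(line)
        if m and len(line) > limit:
            findings.append((line_no, m.group(1).decode("ascii"), len(line)))
    return findings


# Constructed sample inputs (not taken from the advisory).
BENIGN = (b"%!PS-Adobe-3.0\n"
          b"%%DocumentMedia: A4 595 842 0 () ()\n"
          b"%%EndComments\n"
          b"showpage\n")
OVERSIZED = (b"%!PS-Adobe-3.0\r\n"
             b"%%DocumentMedia: " + b"A" * 400 + b"\r\n"
             b"%%EndComments\r\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        hits = scan_dsc_comments(sample)
        print(name, hits if hits else "ok")
```

A hit is only a signal that a file deserves a closer look before it is opened in an unpatched viewer; installing the updated packages listed below remains the fix.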

Updated packages

CS4.0 x86_64

 0ee8389a3bdcddc68f8814e36924ee09  corporate/4.0/x86_64/gv-3.6.1-4.3.20060mlcs4.x86_64.rpm 
 c5784a887c2c4bce4db77939e2625a01  corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm

2006.0 i586

 7226199941b3c2bae9d572fa18287cec  2006.0/i586/gv-3.6.1-4.3.20060mdk.i586.rpm 
 cf07ebfa4c2b7b71a12e001ba72074cf  2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm

2007.0 x86_64

 c8c9f156f94c083597a18476760df046  2007.0/x86_64/gv-3.6.1-7.2mdv2007.0.x86_64.rpm 
 17718d7117787714553282997268e4d6  2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm

2007.0 i586

 63a4fc9774e298c2c6904ffcce648216  2007.0/i586/gv-3.6.1-7.2mdv2007.0.i586.rpm 
 17718d7117787714553282997268e4d6  2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm

CS3.0 x86_64

 0844488c9a53873554e7d092ec372889  corporate/3.0/x86_64/gv-3.5.8-31.2.C30mdk.x86_64.rpm 
 ac4f70a00ad3a619a3be53d8f83b3325  corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm

CS4.0 i586

 09d1689d5390bf63c927b3cce7d5ffa6  corporate/4.0/i586/gv-3.6.1-4.3.20060mlcs4.i586.rpm 
 c5784a887c2c4bce4db77939e2625a01  corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm

CS3.0 i586

 7c282139a275fa0886e284649fe84549  corporate/3.0/i586/gv-3.5.8-31.2.C30mdk.i586.rpm 
 ac4f70a00ad3a619a3be53d8f83b3325  corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm

2006.0 x86_64

 2b6d68c47a6774c8b27ad8263ff89f96  2006.0/x86_64/gv-3.6.1-4.3.20060mdk.x86_64.rpm 
 cf07ebfa4c2b7b71a12e001ba72074cf  2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm

References