MDKSA-2006:214-1
- Package name: gv
- Date: 2006-12-04
- Advisory ID: MDKSA-2006:214-1
- Affected versions: CS4.0 x86_64, 2006.0 i586, 2007.0 x86_64, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2006.0 x86_64
Problem description
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted attackers
to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the
DocumentMedia header.
Packages have been patched to correct this issue.
Update:
The patch used in the previous update still left the possibility of
causing X to consume unusual amounts of memory if gv is used to view a
carefully crafted image designed to exploit CVE-2006-5864. This update
uses an improved patch to address this issue.
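A pre-screening check for untrusted PostScript files, added here as an example (it is not part of the advisory or of gv): it flags DSC comment lines such as %%DocumentMedia that are longer than the 255-character line limit recommended by the Adobe DSC specification. The function name, the threshold constant and the sample document are assumptions constructed for illustration.

```python
import re
import sys

# The Adobe DSC specification recommends that no line exceed 255 characters,
# not counting the line terminator. Using it as the threshold is this
# example's choice, not something the advisory specifies.
DSC_MAX_LINE = 255
LINE_BREAK = re.compile(rb"\r\n|\r|\n")       # DSC allows CR, LF or CRLF
KEYWORD = re.compile(rb"%%([A-Za-z+]*)")      # "%%+" is a continuation line


def scan_dsc_comments(data, limit=DSC_MAX_LINE):
    """Return (line_no, keyword, length) for each overlong DSC comment line."""
    findings = []
    for line_no, line in enumerate(LINE_BREAK.split(data), start=1):
        if line.startswith(b"%%") and len(line) > limit:
            keyword = KEYWORD.match(line).group(1).decode("ascii")
            findings.append((line_no, keyword, len(line)))
    return findings


# Constructed sample: a minimal PostScript header with one overlong comment.
SAMPLE = (
    b"%!PS-Adobe-3.0\r\n"
    b"%%Title: quarterly report\r\n"
    b"%%DocumentMedia: " + b"x" * 400 + b"\r\n"
    b"%%EndComments\r\n"
)

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise scan the sample.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, data in inputs:
        for line_no, keyword, length in scan_dsc_comments(data):
            print(f"{name}:{line_no}: %%{keyword} is {length} bytes (limit {DSC_MAX_LINE})")
```

A hit means the file departs from the DSC line-length recommendation and deserves a closer look before it is opened in a viewer; it is a heuristic, and installing the updated packages remains the fix.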
Updated packages
CS4.0 x86_64
0ee8389a3bdcddc68f8814e36924ee09 corporate/4.0/x86_64/gv-3.6.1-4.3.20060mlcs4.x86_64.rpm
c5784a887c2c4bce4db77939e2625a01 corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm
2006.0 i586
7226199941b3c2bae9d572fa18287cec 2006.0/i586/gv-3.6.1-4.3.20060mdk.i586.rpm
cf07ebfa4c2b7b71a12e001ba72074cf 2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm
2007.0 x86_64
c8c9f156f94c083597a18476760df046 2007.0/x86_64/gv-3.6.1-7.2mdv2007.0.x86_64.rpm
17718d7117787714553282997268e4d6 2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm
2007.0 i586
63a4fc9774e298c2c6904ffcce648216 2007.0/i586/gv-3.6.1-7.2mdv2007.0.i586.rpm
17718d7117787714553282997268e4d6 2007.0/SRPMS/gv-3.6.1-7.2mdv2007.0.src.rpm
CS3.0 x86_64
0844488c9a53873554e7d092ec372889 corporate/3.0/x86_64/gv-3.5.8-31.2.C30mdk.x86_64.rpm
ac4f70a00ad3a619a3be53d8f83b3325 corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm
CS4.0 i586
09d1689d5390bf63c927b3cce7d5ffa6 corporate/4.0/i586/gv-3.6.1-4.3.20060mlcs4.i586.rpm
c5784a887c2c4bce4db77939e2625a01 corporate/4.0/SRPMS/gv-3.6.1-4.3.20060mlcs4.src.rpm
CS3.0 i586
7c282139a275fa0886e284649fe84549 corporate/3.0/i586/gv-3.5.8-31.2.C30mdk.i586.rpm
ac4f70a00ad3a619a3be53d8f83b3325 corporate/3.0/SRPMS/gv-3.5.8-31.2.C30mdk.src.rpm
2006.0 x86_64
2b6d68c47a6774c8b27ad8263ff89f96 2006.0/x86_64/gv-3.6.1-4.3.20060mdk.x86_64.rpm
cf07ebfa4c2b7b71a12e001ba72074cf 2006.0/SRPMS/gv-3.6.1-4.3.20060mdk.src.rpm
