Package name
gv
Date
2006-11-17
Advisory ID
MDKSA-2006:214
Affected versions
CS4.0 x86_64, 2006.0 i586, 2007.0 x86_64, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2006.0 x86_64

Problem description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted attackers
to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the
DocumentMedia header.

Packages have been patched to correct this issue.
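
The bug class described above is avoided by checking the destination capacity before every byte copied out of a header comment. The following is an added illustration, not gv's code and not the patch shipped in these packages; the function name dsc_get_text and its interface are assumptions made for the example.

```c
#include <stddef.h>

/* Copy the first text field of a header comment value (the text after
 * e.g. "%%DocumentMedia:") into out[cap]. A field is a parenthesised
 * PostScript string or a bare word ended by whitespace.
 * Returns the field length, or -1 (out emptied) if the field is
 * unterminated or would not fit, instead of writing past the buffer. */
int dsc_get_text(const char *line, char *out, size_t cap)
{
    size_t n = 0;
    int depth = 0;

    if (out == NULL || cap == 0)
        return -1;
    while (*line == ' ' || *line == '\t')
        line++;
    if (*line == '(') {
        depth = 1;
        line++;
    }
    while (*line != '\0' && *line != '\n' && *line != '\r') {
        char c = *line++;
        if (depth == 0 && (c == ' ' || c == '\t'))
            break;                      /* end of bare word */
        if (depth > 0) {
            if (c == '\\' && *line != '\0')
                c = *line++;            /* escaped char, kept literally */
            else if (c == '(')
                depth++;
            else if (c == ')' && --depth == 0)
                break;                  /* closing parenthesis */
        }
        if (n + 1 >= cap) {             /* keep one byte for the NUL */
            out[0] = '\0';
            return -1;
        }
        out[n++] = c;
    }
    if (depth != 0) {                   /* string never closed */
        out[0] = '\0';
        return -1;
    }
    out[n] = '\0';
    return (int)n;
}
```

A caller treats -1 as a malformed header and skips the comment rather than truncating silently, so an over-long field never reaches later parsing.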

Updated packages

CS4.0 x86_64

 83ce335c19110b08f0c09bae1367258a  corporate/4.0/x86_64/gv-3.6.1-4.2.20060mlcs4.x86_64.rpm 
 28881d7af1aa98d3f1fa77498a6b7c5c  corporate/4.0/SRPMS/gv-3.6.1-4.2.20060mlcs4.src.rpm

2006.0 i586

 ce4424472e46670b330f6002505f872d  2006.0/i586/gv-3.6.1-4.2.20060mdk.i586.rpm 
 86e5b4a6b2a85ac41ec8e5afa1a8316c  2006.0/SRPMS/gv-3.6.1-4.2.20060mdk.src.rpm

2007.0 x86_64

 14dc71ab4e90e9ff5a710a26d9fbbc74  2007.0/x86_64/gv-3.6.1-7.1mdv2007.0.x86_64.rpm 
 8adc972aaae161da8792bc53188144f2  2007.0/SRPMS/gv-3.6.1-7.1mdv2007.0.src.rpm

2007.0 i586

 6e1283be29d02cc561a4f70d691aa2ab  2007.0/i586/gv-3.6.1-7.1mdv2007.0.i586.rpm 
 8adc972aaae161da8792bc53188144f2  2007.0/SRPMS/gv-3.6.1-7.1mdv2007.0.src.rpm

CS3.0 x86_64

 f311ea2a2f426eaf0b12388e9701170a  corporate/3.0/x86_64/gv-3.5.8-31.1.C30mdk.x86_64.rpm 
 8802de3f3264171d1a01e63bad0fb5a2  corporate/3.0/SRPMS/gv-3.5.8-31.1.C30mdk.src.rpm

CS4.0 i586

 bcacc5d595ece53e589089b2f0ee79f4  corporate/4.0/i586/gv-3.6.1-4.2.20060mlcs4.i586.rpm 
 28881d7af1aa98d3f1fa77498a6b7c5c  corporate/4.0/SRPMS/gv-3.6.1-4.2.20060mlcs4.src.rpm

CS3.0 i586

 7d48d9f5848d68634903602b9c74e201  corporate/3.0/i586/gv-3.5.8-31.1.C30mdk.i586.rpm 
 8802de3f3264171d1a01e63bad0fb5a2  corporate/3.0/SRPMS/gv-3.5.8-31.1.C30mdk.src.rpm

2006.0 x86_64

 45235ffad1a29f06b97c4398522d4109  2006.0/x86_64/gv-3.6.1-4.2.20060mdk.x86_64.rpm 
 86e5b4a6b2a85ac41ec8e5afa1a8316c  2006.0/SRPMS/gv-3.6.1-4.2.20060mdk.src.rpm

References