[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] buffer overflow in gv
- To: linux-security
- Subject: [linux-security] buffer overflow in gv
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 30 Oct 2002 18:36:26 -0800
- User-Agent: Mutt/1.4i
Topic
=====
buffer overflow in gv allows execution of arbitrary code
Problem Description
===================
A buffer overflow was discovered in gv versions 3.5.8 and earlier.
The problem is triggered by scanning a file and can be
exploited by an attacker sending a malformed PostScript or PDF file.
This would result in arbitrary code being executed with the privilege of
the user viewing the file. ggv uses code derived from gv and has the
same vulnerability.
Affected Versions
=================
gv versions 3.5.8 and earlier
Solution
========
upgrade to patched version for your distribution
RedHat 6.2
----------
rpm -Fvh gv-3.5.8-18.6x.i386.rpm
RedHat 7.0, 7.1
---------------
rpm -Fvh gv-3.5.8-18.7x.i386.rpm
RedHat 7.2, 7.3
---------------
rpm -Fvh gv-3.5.8-18.7x.i386.rpm ggv-1.0.2-5.1.i386.rpm
RedHat 8.0
----------
rpm -Fvh gv-3.5.8-19.i386.rpm ggv-1.99.9-5.i386.rpm
Debian 2.2 (potato)
-------------------
upgrade to gv_3.5.8-17.1_i386.deb, gnome-gv_0.82-2.1_i386.deb
Debian 3.0 (woody)
------------------
upgrade to gv_3.5.8-26.1_i386.deb, gnome-gv_1.1.96-3.1_i386.deb
Mandrake 8.0
------------
rpm -Fvh gv-3.5.8-18.1mdk.i586.rpm ggv-1.1.0-1.1mdk.i586.rpm
Mandrake 8.1
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.1.0-1.1mdk.i586.rpm
Mandrake 8.2
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.1.94-2.1mdk.i586.rpm
Mandrake 9.0
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.99.9-1.1mdk.i586.rpm