Debian: 'gv' Buffer overflow vulnerability

    Date: 16 Oct 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 176-1
    http://www.debian.org/security/                             Martin Schulze
    October 16th, 2002                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : gv
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2002-0838
    BugTraq ID     : 5808
    
    Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
    viewer for X11.  This problem is triggered by scanning the PostScript
    file and can be exploited by an attacker sending a malformed
    PostScript or PDF file.  The attacker is able to cause arbitrary code
    to be run with the privileges of the victim.
    
    This problem has been fixed in version 3.5.8-26.1 for the current
    stable distribution (woody), in version 3.5.8-17.1 for the old stable
    distribution (potato) and version 3.5.8-27 for the unstable
    distribution (sid).
    
    We recommend that you upgrade your gv package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.dsc
          Size/MD5 checksum:      555 3aa3cb663f578cbf02c09f370951a814
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.diff.gz
          Size/MD5 checksum:    29382 2e9e7149b69bf36a80632c8b695b6495
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
          Size/MD5 checksum:   369609 8f2f0bd97395d6cea52926ddee736da8
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_alpha.deb
          Size/MD5 checksum:   278646 b12dd5fef60ff840b3921a511eb28c74
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_arm.deb
          Size/MD5 checksum:   238918 52892bea304128845836b4c9976d39a3
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_i386.deb
          Size/MD5 checksum:   226416 4f44d7df45cec7b132c1c7c9a6ba84ea
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_m68k.deb
          Size/MD5 checksum:   217712 2decb437f1a28beac92edb63f3d31444
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_powerpc.deb
          Size/MD5 checksum:   244382 cb3bd27b214e391ada83ce0593e16715
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_sparc.deb
          Size/MD5 checksum:   237878 ba1bdf19f68f62d36c8f58c015867287
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.dsc
          Size/MD5 checksum:      559 e7a2b5dfb91d7217d1b171b24682ea41
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.diff.gz
          Size/MD5 checksum:    18453 f9910a58912e1a6fbaef33ff4fe27b94
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
          Size/MD5 checksum:   369609 8f2f0bd97395d6cea52926ddee736da8
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_alpha.deb
          Size/MD5 checksum:   273262 6cb8adebf56cc25ef43d1358636dc9ca
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_arm.deb
          Size/MD5 checksum:   243382 2707a8a87e133a45cc2a98dd223e7c8f
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_i386.deb
          Size/MD5 checksum:   226106 304f32b84e6497612222a26c9dc5c1fd
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_ia64.deb
          Size/MD5 checksum:   313888 522c58c4d2fecb99424533c4980d1409
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_hppa.deb
          Size/MD5 checksum:   252054 aa50a00ebb6d5c304ec94bbf1e65a2c9
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_m68k.deb
          Size/MD5 checksum:   216922 d11c3c10e70fb1593ce15c2b6c3863be
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mips.deb
          Size/MD5 checksum:   252064 6b944b4c04f4488ea380063bdf3324ad
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mipsel.deb
          Size/MD5 checksum:   250914 87afee172cf73ed91ad0449fadd9bb4b
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_powerpc.deb
          Size/MD5 checksum:   243450 9c77e9860e1044bc4c7b9a7b054e8a4d
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_s390.deb
          Size/MD5 checksum:   232784 96242f88c593319e0d3fddef928c47d2
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_sparc.deb
          Size/MD5 checksum:   237798 e5091427da6e76dbb9bb34cf03e94647
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
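
As an added example (not part of the Debian advisory), the shell functions below check a manually downloaded file against the "Size/MD5 checksum" lines listed above before it is handed to `dpkg -i`. They assume the advisory text has been saved to a local file (the name `dsa-176-1.txt` is a placeholder) and that `awk` and `md5sum` are available; `advisory_entry` and `verify_download` are names chosen for this example.

```shell
#!/bin/sh
# Added example: verify a download against a DSA-style file listing, i.e.
#   <URL ending in the file name>
#   Size/MD5 checksum: <size> <md5>

# advisory_entry ADVISORY FILE_NAME -> prints "<size> <md5>" for that file name
advisory_entry() {
    awk -v name="$2" '
        # URL line: remember whether its last path component is the wanted file
        $1 ~ /^(http|ftp):\/\// {
            n = split($1, parts, "/")
            want = (parts[n] == name)
            next
        }
        # Checksum line directly after the matching URL
        want && /Size\/MD5 checksum:/ {
            print $(NF-1), $NF
            exit
        }
        { want = 0 }
    ' "$1"
}

# verify_download ADVISORY PATH -> 0 only if size and MD5 both match
verify_download() {
    advisory=$1 path=$2
    [ -f "$path" ] || { echo "missing file: $path" >&2; return 2; }
    entry=$(advisory_entry "$advisory" "$(basename "$path")")
    [ -n "$entry" ] || { echo "not listed in advisory: $path" >&2; return 3; }
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$path" | tr -d ' ')
    have_md5=$(md5sum "$path" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: $path ($have_size != $want_size)" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: $path" >&2
        return 1
    fi
    echo "OK: $path"
}

# Script use (placeholder names):
#   sh verify.sh dsa-176-1.txt gv_3.5.8-26.1_i386.deb && dpkg -i gv_3.5.8-26.1_i386.deb
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

The check is only as trustworthy as the copy of the advisory it reads, and MD5 is no longer collision-resistant, so on current systems apt's signed repository metadata is the stronger control.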
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    